๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is SAST (Static Application Security Testing)?

Automated analysis of source code to find security vulnerabilities without executing the application.

SAST tools scan source code, bytecode, or binaries for security flaws like SQL injection, XSS, buffer overflows, and hardcoded credentials. They analyze code paths to find vulnerabilities before deployment. Tools include SonarQube, Semgrep, Bandit (Python), PHPStan with security rules, and commercial solutions like Checkmarx and Fortify. SAST integrates into CI/CD pipelines for continuous security checks. Advantages include early detection (shift-left security), complete code coverage, and no running application needed. Limitations include false positives, inability to detect runtime vulnerabilities, and difficulty with complex data flows across system boundaries.

Related Terms

OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
Hashing
A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
View All Security Terms โ†’