๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is SAST (Static Application Security Testing)?

Automated analysis of source code to find security vulnerabilities without executing the application.

SAST tools scan source code, bytecode, or binaries for flaws such as SQL injection, cross-site scripting (XSS), buffer overflows, and hardcoded credentials, without running the program. Instead of executing anything, they parse the code into an abstract syntax tree and control- and data-flow graphs, then either match rule patterns against that representation or perform taint analysis: data from an untrusted source (an HTTP parameter, a file, a socket) is followed through assignments and calls, and a finding is raised when it reaches a dangerous sink (a SQL query, a shell command, an HTML template) without passing through a recognized sanitizer. Tools include SonarQube, Semgrep, Bandit (Python), PHPStan with security rules, and commercial products such as Checkmarx and Fortify. SAST is typically wired into CI/CD so that every commit or pull request is scanned, with the build failing on new high-severity findings while a baseline of known issues is triaged separately. Its advantages are early detection (shift-left security: a defect is far cheaper to fix before it ships), analysis of every code path in the repository rather than only the ones a test or a scanner happens to exercise, and no need for a deployed, running application. Its limitations are a high false-positive rate that demands triage, false negatives for problems that exist only at runtime (misconfiguration, authentication and business-logic flaws, vulnerable dependencies, environment-specific behavior), and weak coverage of data flows that cross process, service, or serialization boundaries, which is why SAST is paired with dynamic testing (DAST) and software composition analysis rather than relied on alone.
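As an added example (written for this page, not taken from the original entry or from any of the tools it names), here is a toy taint-tracking scanner built on Python's standard `ast` module. It shows the source-to-sink reasoning SAST tools apply to SQL injection, a simple hardcoded-credential rule, how a sanitizer (`int()`) clears taint, and the interprocedural blind spot mentioned above: the flow through `get_name()` is never reported. The module being scanned (`SAMPLE`), the source and sink lists, and the rule names are all constructed for the demonstration.

```python
import ast
import re
from dataclasses import dataclass

# Constructed scan target (not real code): one hardcoded secret, two injectable
# queries, one parameterized query, one sanitized interpolation, and one flow
# that crosses a function boundary and so escapes this intra-procedural scanner.
SAMPLE = '''
import sqlite3
from flask import request

DB_PASSWORD = "hunter2"
conn = sqlite3.connect("app.db")

def lookup_user():
    name = request.args.get("name")
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")

def lookup_user_fstring():
    name = request.args.get("name")
    query = f"SELECT * FROM users WHERE name = '{name}'"
    conn.cursor().execute(query)

def lookup_user_safe():
    name = request.args.get("name")
    conn.cursor().execute("SELECT * FROM users WHERE name = ?", (name,))

def lookup_by_id():
    uid = int(request.args.get("id"))
    conn.cursor().execute(f"SELECT * FROM users WHERE id = {uid}")

def get_name():
    return request.args.get("name")

def lookup_user_indirect():
    name = get_name()
    conn.cursor().execute("SELECT * FROM users WHERE name = '" + name + "'")
'''

SOURCE_ROOTS = {"request"}        # anything reached from Flask's request object (assumed source)
SOURCE_CALLS = {"input"}          # builtin returning attacker-controlled text
SANITIZERS = {"int", "float"}     # their output cannot carry SQL syntax
SINK_METHODS = {"execute", "executemany"}
CREDENTIAL_RE = re.compile(r"passw(or)?d|secret|api_?key|token", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


def dotted_name(node):
    """Render a callee as dotted text such as request.args.get ('' if not a name chain)."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


def is_tainted(node, tainted):
    """True if the expression carries source-derived data that no sanitizer has cleaned."""
    if isinstance(node, ast.Name):
        return node.id in tainted or node.id in SOURCE_ROOTS
    if isinstance(node, ast.Call):
        callee = dotted_name(node.func)
        if callee in SOURCE_CALLS:
            return True
        if callee in SANITIZERS:
            return False
        # Unknown call: conservatively propagate taint from receiver or arguments,
        # which covers request.args.get("x") and "...{}".format(name).
        return is_tainted(node.func, tainted) or any(is_tainted(a, tainted) for a in node.args)
    if isinstance(node, (ast.Attribute, ast.Subscript)):
        return is_tainted(node.value, tainted)
    if isinstance(node, ast.JoinedStr):  # f-string
        return any(is_tainted(v.value, tainted)
                   for v in node.values if isinstance(v, ast.FormattedValue))
    if isinstance(node, ast.BinOp):      # concatenation or % formatting
        return is_tainted(node.left, tainted) or is_tainted(node.right, tainted)
    return False


def scan_function(fn):
    """Straight-line taint tracking over one function body; calls to other functions are opaque."""
    tainted, findings = set(), []
    for stmt in fn.body:
        if isinstance(stmt, ast.Assign):
            names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            tainted = (tainted | names) if is_tainted(stmt.value, tainted) else (tainted - names)
        for call in ast.walk(stmt):
            if (isinstance(call, ast.Call) and call.args
                    and dotted_name(call.func).rsplit(".", 1)[-1] in SINK_METHODS
                    and is_tainted(call.args[0], tainted)):
                findings.append(Finding("sql-injection", call.lineno,
                                        f"tainted query reaches {dotted_name(call.func)} in {fn.name}"))
    return findings


def scan(source):
    """Apply both rules to a module and return findings ordered by line."""
    tree, findings = ast.parse(source), []
    for node in ast.walk(tree):
        # Rule 1: a non-empty string literal assigned to a credential-looking name.
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str) and node.value.value):
            for t in node.targets:
                if isinstance(t, ast.Name) and CREDENTIAL_RE.search(t.id):
                    findings.append(Finding("hardcoded-credential", node.lineno, t.id))
        # Rule 2: taint tracking, one function at a time.
        if isinstance(node, ast.FunctionDef):
            findings.extend(scan_function(node))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line:>3}  {f.rule:<21} {f.detail}")
```

Running it reports three findings (the credential and the two injectable `execute` calls) and stays silent on the parameterized query and the `int()`-sanitized one. It also stays silent on `lookup_user_indirect`, even though that query is just as injectable, because the taint enters through `get_name()`, a call the scanner does not follow. Real SAST engines do interprocedural and cross-file analysis to close that gap, but the same limitation reappears, at larger scale, wherever data crosses a process, service, or serialization boundary.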

Related Terms

Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.