Security Intermediate

What is SAST (Static Application Security Testing)?

Automated analysis of source code to find security vulnerabilities without executing the application.

SAST tools scan source code, bytecode, or binaries for security flaws such as SQL injection, XSS, buffer overflows, and hardcoded credentials. They analyze code paths to find vulnerabilities before deployment, without ever running the program. Tools include SonarQube, Semgrep, Bandit (Python), PHPStan with security rules, and commercial solutions like Checkmarx and Fortify. SAST integrates into CI/CD pipelines so that every change is checked continuously. Advantages include early detection (shift-left security), complete code coverage, and no need for a running application. Limitations include false positives, an inability to detect runtime-only vulnerabilities, and difficulty following complex data flows across system boundaries.

Related Terms

Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
Zero Trust
A security model that requires strict identity verification for every user and device, regardless of their network location.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.
Webhook Signature Verification
A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.