Security Intermediate

What is SAST (Static Application Security Testing)?

Automated analysis of source code to find security vulnerabilities without executing the application.

SAST tools scan source code, bytecode, or binaries for security flaws like SQL injection, XSS, buffer overflows, and hardcoded credentials. They analyze code paths to find vulnerabilities before deployment. Tools include SonarQube, Semgrep, Bandit (Python), PHPStan with security rules, and commercial solutions like Checkmarx and Fortify. SAST integrates into CI/CD pipelines for continuous security checks. Advantages include early detection (shift-left security), complete code coverage, and no running application needed. Limitations include false positives, inability to detect runtime vulnerabilities, and difficulty with complex data flows across system boundaries.
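As an added illustration (not code from the original glossary entry or from any of the tools it names), the toy scanner below uses Python's `ast` module to do, in miniature, what a Bandit-style SAST rule does: it walks the syntax tree of a constructed sample module without running it, flags string literals assigned to credential-looking names, and flags `execute()` calls whose query is built by concatenation, `%`-formatting or an f-string. The `token_header` hit is deliberate: it shows the false-positive problem the entry mentions.

```python
import ast

# Constructed sample module to be scanned (not from any real project).
SAMPLE = '''
import sqlite3
DB_PASSWORD = "hunter2"
timeout = 30
token_header = "X-Auth-Token"
def lookup(conn, user):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
'''

# Name fragments that make an assignment "look like" a credential (heuristic).
SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key")


class Scanner(ast.NodeVisitor):
    """Collects (line, rule_id, detail) findings while walking the AST."""

    def __init__(self):
        self.findings = []

    def visit_Assign(self, node):
        # Rule 1: a string literal stored in a credential-looking variable.
        # Like real SAST name heuristics, this also fires on harmless values
        # such as a header name, which is where false positives come from.
        for target in node.targets:
            if isinstance(target, ast.Name) and any(
                key in target.id.lower() for key in SECRET_NAMES
            ):
                if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
                    self.findings.append((node.lineno, "hardcoded-credential", target.id))
        self.generic_visit(node)

    def visit_Call(self, node):
        # Rule 2: an .execute() sink whose first argument is assembled at runtime
        # (BinOp covers "+" concatenation and "%" formatting, JoinedStr is an f-string).
        # A plain string constant with bound parameters is not reported.
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr == "execute" and node.args:
            if isinstance(node.args[0], (ast.BinOp, ast.JoinedStr)):
                self.findings.append((node.lineno, "sql-injection", "execute"))
        self.generic_visit(node)


def scan(source):
    """Parse source text and return the list of findings, in source order."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return scanner.findings
```

Running `scan(SAMPLE)` reports the password on line 3, the header-name false positive on line 5 and the concatenated query on line 8, while the parameterised query on line 9 is left alone.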

Related Terms

PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.