
What is SAST (Static Application Security Testing)?

Automated analysis of source code to find security vulnerabilities without executing the application.

SAST tools scan source code, bytecode, or binaries for security flaws such as SQL injection, XSS, buffer overflows, and hardcoded credentials. They analyze code paths to find vulnerabilities before deployment. Tools include SonarQube, Semgrep, Bandit (Python), PHPStan with security rules, and commercial solutions like Checkmarx and Fortify. SAST integrates into CI/CD pipelines for continuous security checks. Advantages include early detection (shift-left security), complete code coverage, and no need for a running application. Limitations include false positives, inability to detect runtime vulnerabilities, and difficulty following complex data flows across system boundaries.
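As an added illustration of how a SAST check works (not part of the original glossary entry, and a toy rather than any of the tools named above), the Python snippet below parses source text with the standard `ast` module without ever executing it, and flags a hardcoded credential and a SQL query built by string formatting. The sample source it scans is constructed; its last function shows the data-flow limitation mentioned above, since the query is assembled in a variable and this simple pattern check misses it.

```python
import ast

# Constructed sample to scan (parsed, never executed): a hardcoded secret,
# an injectable query built with %, a safe parameterized query, and an
# injectable query passed indirectly through a variable.
SAMPLE_SOURCE = '''
DB_PASSWORD = "hunter2"
def find_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)
def find_user_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
def find_user_indirect(cursor, name):
    query = "SELECT * FROM users WHERE name = '%s'" % name
    cursor.execute(query)
'''

SECRET_NAMES = ("password", "passwd", "secret", "api_key", "token")
SQL_SINKS = ("execute", "executemany")


def scan(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, rule) findings for the given source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Rule 1: a string literal assigned to a credential-like name.
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        k in target.id.lower() for k in SECRET_NAMES):
                    findings.append((node.lineno, "hardcoded-credential"))
        # Rule 2: a SQL sink whose first argument is built by %, + or an
        # f-string. A plain Constant (parameterized query) is not flagged,
        # and neither is a Name, which is why the indirect case is missed:
        # real tools add data-flow analysis to track the value to the sink.
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_SINKS and node.args):
            query = node.args[0]
            built_by_formatting = isinstance(query, ast.JoinedStr) or (
                isinstance(query, ast.BinOp)
                and isinstance(query.op, (ast.Mod, ast.Add)))
            if built_by_formatting:
                findings.append((node.lineno, "sql-injection"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in scan(SAMPLE_SOURCE):
        print(f"line {line}: {rule}")
```

Running it reports the credential on line 2 and the injection on line 4 of the sample, while the parameterized and indirect queries produce no finding.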

Related Terms

SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties as a JSON object.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.