WHAT IS STATIC APPLICATION SECURITY TESTING (SAST)?
Static application security testing (SAST) involves analyzing an application’s source code very early in the software development life cycle (SDLC). The SAST analysis specifically looks for coding and design vulnerabilities that make an organization’s applications susceptible to attack. Also known as white box testing, static application testing solutions analyze an application from the “inside out” when it is in a non-running state, trying to gauge its security strength.
There are three basic types of SAST testing: source code analysis, byte code analysis, and raw binary code analysis. SAST security solutions can be integrated directly into the development environment, allowing developers to constantly monitor their code and quickly mitigate vulnerabilities as they are discovered. Because SAST security tools give developers real-time feedback as they code, they can fix issues before they pass into the next phase of the SDLC, detecting and fixing problems much more quickly than later in the SDLC.