Static Application Security Testing


What is Static Application Security Testing?

Static application security testing (SAST) involves analyzing an application’s source code very early in the software development life cycle (SDLC). The SAST analysis specifically looks for coding and design vulnerabilities that make an organization’s applications susceptible to attack. Also known as white box testing, SAST solutions analyze an application from the “inside out” while it is in a non-running state, in order to gauge its security strength.

There are three basic types of SAST: source code analysis, byte code analysis, and raw binary code analysis. SAST solutions can be integrated directly into the development environment, allowing developers to constantly monitor their code and quickly mitigate vulnerabilities as they are discovered. Because SAST tools give developers real-time feedback as they code, developers can fix issues before the code passes into the next phase of the SDLC, detecting and fixing problems much more quickly than would be possible later in the SDLC.
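As an added illustration of the source code analysis type (example code written for this page, not code from the page or from any product it mentions), the following minimal checker parses a constructed Python snippet into its abstract syntax tree, applies three hypothetical rules, and reports each finding by line number, which is the form of feedback a SAST tool gives a developer. The rule names, the messages, and the sample snippet are all constructed for the example.

```python
import ast

# Constructed sample under analysis. It is only parsed, never executed.
SAMPLE = '''\
import subprocess
def lookup(db, user, cmd):
    cur = db.cursor()
    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
    subprocess.run(cmd, shell=True)
    return eval(cmd)
'''

def _call_name(node: ast.Call) -> str:
    """Bare name of the called function or method (eval, execute, run, ...)."""
    return getattr(node.func, "id", None) or getattr(node.func, "attr", "")

def _built_at_runtime(node: ast.AST) -> bool:
    """True when a string is assembled at runtime: f-string, %, +, or .format()."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return isinstance(node, ast.Call) and _call_name(node) == "format"

def _shell_true(node: ast.Call) -> bool:
    """True when the call passes the literal keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in node.keywords)

def scan_source(source: str) -> list:
    """Parse the source and return (rule, line, message) findings sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name == "eval":
            findings.append(("CODE-INJECTION", node.lineno, "eval() turns data into code"))
        elif name in ("run", "call", "Popen") and _shell_true(node):
            findings.append(("OS-COMMAND-INJECTION", node.lineno, "shell=True hands the string to a shell"))
        elif name == "execute" and node.args and _built_at_runtime(node.args[0]):
            findings.append(("SQL-INJECTION", node.lineno, "query built at runtime; bind parameters instead"))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for rule, line, message in scan_source(SAMPLE):
        print(f"line {line}: {rule}: {message}")
```

Note that the parameterized query on line 5 of the sample is not reported, because the rule only fires when the first argument to execute() is assembled at runtime.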

Contrast Community Edition

Release Secure Software Faster... No Security Expertise Needed!

Meet software delivery deadlines and security mandates. Contrast Community Edition for Java applications, .NET Core (and .NET Framework coming soon), and APIs delivers security-as-code that protects your software against the most common security flaws. With Contrast, you can remediate vulnerabilities early in the SDLC and monitor and defend against attacks on production applications.