Static Application Security Testing (SAST)
Static Application Security Testing, or SAST, is the branch of static analysis dedicated to security.
It focuses on finding vulnerabilities in the source code, without running it, before that code reaches production.
For example, SAST searches for injections, XSS, path traversal, insecure deserialization, weak cryptography, and missing validation.
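As an added illustration (not part of the original entry, nor the code of any tool named here), the Python sketch below runs a toy line-based taint check over a constructed PHP sample: values read from superglobals are marked tainted, followed through assignments, and reported when they reach a sink for four of the categories listed above. The source, sink and sanitizer lists are assumptions chosen for the sample; production SAST tools work on a parsed syntax tree and match each sanitizer to the sink it protects.

```python
import re

# Constructed PHP sample (not from the original page).
PHP_SAMPLE = r'''<?php
$id = $_GET['id'];
$name = htmlspecialchars($_GET['name']);
$file = $_POST['file'];
$path = "/var/data/" . $file;
$safe = basename($file);
mysqli_query($db, "SELECT * FROM users WHERE id = " . $id);
echo "Hello " . $name;
echo $_GET['q'];
readfile($path);
readfile("/var/data/" . $safe);
unserialize($_COOKIE['state']);
'''

# Assumed lists for this sample; a real tool ships far larger rule sets.
SOURCE = re.compile(r'\$_(GET|POST|COOKIE|REQUEST)\b')
SANITIZER = re.compile(r'\b(htmlspecialchars|basename|intval)\s*\(')
ASSIGN = re.compile(r'^\s*(\$\w+)\s*=\s*(.+);\s*$')
SINKS = {'mysqli_query': 'SQL injection', 'echo': 'XSS',
         'readfile': 'path traversal', 'unserialize': 'insecure deserialization'}

def is_tainted(expr, tainted):
    # Simplification: any sanitizer call clears the whole expression,
    # without checking that it suits the sink it later reaches.
    if SANITIZER.search(expr):
        return False
    return bool(SOURCE.search(expr)) or any(
        var in tainted for var in re.findall(r'\$\w+', expr))

def scan(php_source):
    """Return (line number, category) for tainted data reaching a sink."""
    tainted, findings = set(), []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        assign = ASSIGN.match(line)
        if assign:  # propagate or clear taint on assignment
            var, expr = assign.groups()
            (tainted.add if is_tainted(expr, tainted) else tainted.discard)(var)
            continue
        for sink, category in SINKS.items():
            call = re.search(r'\b' + sink + r'\b(.*)', line)
            if call and is_tainted(call.group(1), tainted):
                findings.append((lineno, category))
    return findings

if __name__ == '__main__':
    for lineno, category in scan(PHP_SAMPLE):
        print(f'line {lineno}: {category}')
```

The two sanitized paths (`$name` through `htmlspecialchars`, `$safe` through `basename`) produce no finding, which is the distinction a SAST rule has to make to keep false positives down.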
See also DeepSource, Snyk, Sonar and PHP SAST Papers.
Related: Second Order SQL Injection, Remote Code Execution (RCE), Static Code Analysis (SCA), Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injection, Path Traversal, Insecure Deserialization, Weak Cryptography, Missing Validation, Analysis