Application Security Terminology


Static Application Security Testing (SAST)

Static application security testing (SAST) is an essential part of any effective security program. Applied in conjunction with dynamic application security testing (DAST), SAST is performed at the static (pre-production) level.

There are three basic types of static application security testing, distinguished by what software code they analyze: analysis of source code; analysis of the byte code of an interpreted language, like Java; and analysis of the raw binary code of an application. Specific code vulnerabilities can be detected and fixed much more quickly using SAST than later in the software development life cycle.