← Cybersecurity Alphabet Soup

SAST

Static Application Security Testing

appsecmedium

SAST tools analyze source code, bytecode, or binaries for security flaws without running the program. They fit early in the development lifecycle, often as IDE plugins or CI pipeline gates, so bugs like SQL injection patterns are caught before code ships. Because they see the code itself, they can pinpoint the exact file and line, though they tend to produce false positives that need triage.

Sources

More in appsec