Static application security testing: Difference between revisions

OAbot (talk | contribs)
m Open access bot: doi added to citation with #oabot.
top: bold alt article name per MOS, def acro per MOS
Line 1:
'''Static application security testing''' ('''SAST''') is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of [[Static program analysis|statically analyzing the source code]] has existed as long as computers have existed, the technique spread to security in the late 90s and the first public discussion of [[SQL injection]] in 1998 when Web applications integrated new technologies like [[JavaScript]] and [[Adobe Flash Player|Flash]].
 
Unlike [[dynamic application security testing]] (DAST) tools for [[black-box testing]] of application functionality, SAST tools focus on the code content of the application, [[white-box testing]].
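Review bot: The second sentence of the lead does not parse at "spread to security in the late 90s and the first public discussion of [[SQL injection]] in 1998 when Web applications integrated ...": it is unclear whether the 1998 discussion is a cause of the spread or only a date marker for it. Suggest writing the decade in full ("late 1990s") and setting the clause off, for example ", around the first public discussion of [[SQL injection]] in 1998, when Web applications ...". In the following paragraph the trailing ", [[white-box testing]]" is a dangling appositive; wording such as "which is a form of [[white-box testing]]" would parallel the "DAST tools for [[black-box testing]]" phrasing earlier in the same sentence. The claim that static analysis "has existed as long as computers have existed" has no citation in the visible lines and should get one or be softened.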
Line 19:
}}</ref>
 
In the [[Softwaresoftware development process|SDLClife cycle]] (SDLC), SAST is performed early in the development process and at code level, and also when all pieces of code and components are put together in a consistent testing environment. SAST is also used for software quality assurance.<ref>
{{Cite journal
|last1=Ayewah|first1=N.