Revision as of 06:19, 23 September 2024 edit Muxon (talk \| contribs) 9 edits Tagged an unclear statement Tag: Visual edit ← Previous edit		Revision as of 09:56, 20 February 2025 edit undo Constentini (talk \| contribs) 2 edits Clarified the reference to static program analysis Next edit →
Line 1: {{Short description\|Software securing application}} '''Static application security testing''' ('''SAST''') is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of [[~~Static~~Informal ~~program~~methods ~~analysis~~of validation and verification#Desk checking\|~~statically~~checking ~~analyzing~~programs ~~the~~by ~~source~~reading their code ]] ~~has~~(modernly ~~existed~~known as ~~long~~[[Static asprogram ~~computers~~analysis\|static ~~have~~program ~~existed{{Clarify\|reason=Early~~analysis]]) ~~computers~~has existed ~~before~~as ~~source~~long ~~code,~~as ~~this~~computers ishave ~~too vague.\|date=September 2024}}~~existed, the technique spread to security in the late 90s and the first public discussion of [[SQL injection]] in 1998 when Web applications integrated new technologies like [[JavaScript]] and [[Adobe Flash Player\|Flash]]. Unlike [[dynamic application security testing]] (DAST) tools for [[black-box testing]] of application functionality, SAST tools focus on the code content of the application, [[white-box testing]].

Static application security testing: Difference between revisions