Static application security testing: Difference between revisions

Tags: Mobile edit Mobile web edit Advanced mobile edit
SAST strengths: improve translation
Tags: Mobile edit Mobile web edit Advanced mobile edit
Line 201:
 
==SAST strengths==
The earlier a vulnerability is fixed in the SDLC, the cheaper it willis to costfix. CommonCosts measuresto offix costs for fixing during thein development isare 10 times lesslower than during thein testing stage, and 100 times lesslower than during thein production stage.<ref>
{{Cite journal
|last=Hossain|first=Shahadat
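Review bot: in the added wording, "in testing stage" and "in production stage" each need an article ("in the testing stage", "in the production stage"); the earlier "in development" reads fine without one, but these two do not. "Costs to fix ... are 10 times lower" is otherwise a clear improvement over "Common measures of costs for fixing ... is 10 times less".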
Line 208:
|journal=Global Journal of Computer Science and Technology
|url=https://computerresearch.org/index.php/computer/article/view/1780
}}</ref>.
SAST tools are run automatically, either at the code level or application-level and do not require manual activitiesinteraction. When integrated into a CI/CD context, SAST tools can be used to automatically stop the integration process if critical vulnerabilities are identified.<ref>
{{Cite journal
|last1=Okun|first1=V.
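Review bot: the full stop after `}}</ref>.` at the top of this hunk places the sentence punctuation after the citation; move it before the `<ref>` so the reference follows the period. In the new sentence, "at the code level or application-level" mixes hyphenation; "at the code level or the application level" is consistent. "manual interaction" is a good replacement for "manual activities".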
Line 225:
}}</ref>
 
Because the tool is scanningscans the entire source-code, it can cover 100% of it, whenwhile [[dynamic application security testing]] covers theits execution resultingpossibly in the possibility to missmissing part of the application,<ref name="auto1"/> or missing unsecured configuration located in configuration files.
 
SAST tools can offer extended functionalities such as quality and architectural testing. In that case, the extension of security to these subjects enforces the security as thereThere is a direct correlation between the quality and the security. Bad quality software areiz also poorly secured software.
<ref>
{{Cite journal
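Review bot: "iz" in "Bad quality software iz also poorly secured software" is a typo for "is" ("Poor-quality software is also poorly secured software" would read better still). The `<ref>` that opens on the line after that sentence is separated from it by a line break, which in wikitext detaches the citation from the claim it supports; place `<ref>` directly after the sentence. "source-code" needs no hyphen, and "covers its execution, possibly missing part of the application" is clearer than the replaced "resulting in the possibility to miss".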
Line 243:
|journal= 9th International Conference on Information Society and Technology
|doi=10.5281/zenodo.3374712
}}</ref>.
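Review bot: the sentence punctuation again follows the citation (`}}</ref>.`); move the full stop before `<ref>`. The `|journal=` parameter holds a conference name ("9th International Conference on Information Society and Technology"), so {{Cite conference}} with `|conference=` fits this proceedings paper better than {{Cite journal}}; the `|doi=` value can stay as it is.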
 
==SAST weaknesses==