S

SAST (Static Application Security Testing)

SAST analyzes source code for security vulnerabilities without executing the application.

What is SAST?

Static Application Security Testing (SAST) analyzes source code, bytecode, or binaries for security vulnerabilities without executing the program, finding issues early in development.

SAST Benefits

  • Early detection - findings surface at commit or pull-request time, before the code reaches a test or production environment
  • Full code coverage - every path in the scanned source is examined, including branches that dynamic testing never exercises at runtime
  • Developer feedback - each finding is tied to a file and line, so the developer who wrote the code can fix it in context
  • CI/CD integration - scans run automatically on every change and can gate a merge or build

Common Misconceptions

  • "SAST finds all bugs" - False positives and limitations
  • "SAST replaces DAST" - Complementary approaches
  • "SAST slows development" - Integration improves flow