Static Application Security Testing (SAST)

Sep 30 2022

What is SAST?

Static Application Security Testing (SAST) is a set of technologies that analyze the source code of software for security issues without running it. The essence of the analysis is to search for code fragments that may contain potential vulnerabilities.

A potential vulnerability (a security weakness) is a bug that could be exploited to compromise the system or disrupt its logic. Once an attacker has actually exploited such a weakness, it becomes a real vulnerability.

SAST helps find potential vulnerabilities at the early stages of software development. It is a part of the Secure Software Development Life Cycle (Secure SDLC) and the DevSecOps pipeline.

Here are some classes of weaknesses that SAST tools look for:

  • code that passes user-controlled input to a sensitive operation without validation (for example, XSS, SQL injection, XXE, path traversal);
  • use of outdated or insecure versions of cryptographic protocols;
  • hard-coded passwords and other secrets in the source code, etc.

You can find the most common and dangerous vulnerabilities in the OWASP Top 10 list.

To understand how SAST works, let's look at how an SQL injection is detected:

void ProcessRequest(HttpRequest request) 
{ 
  // Source: the value comes straight from the HTTP request and is attacker-controlled.
  string name = request.Form["name"];

  // The untrusted value is concatenated into the query text instead of being passed as a parameter.
  string sql = $"SELECT * FROM Users WHERE name='{name}'";

  // Sink: the query text reaches the SQL command constructor.
  using (var command = new SqlCommand(sql, _connection))
  {
    ....
  }
  .... 
}

Here an SQL query is built from data entered by a user. This is dangerous because external data is under the attacker's control. Instead of the value we expect (in this case, a name), a user may pass a fragment of SQL. Executing the resulting query can then do whatever that fragment says: depending on the injected SQL, it can delete tables or the entire database, extract an arbitrary number of records, and so on.

SAST tools find this weakness with the help of taint analysis. The analyzer assumes that any data coming from an external source (a request parameter, a file, a network socket) may be malicious and marks it as tainted. It then tracks the tainted data through assignments, string concatenation and function calls, and reports a warning when the data reaches a sink, here the SQL command constructor, without passing through validation or sanitization. Such a command is dangerous to execute, so the code contains a security weakness.
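To make the mechanism concrete, below is a toy taint analyzer added as an example for this article; it is not code from the page or from PVS-Studio. It walks the Python AST of a function and reports every place where data from a request parameter reaches the SQL text passed to a database cursor. The source and sink conventions (request.form[...] as a source, the first argument of cursor.execute as a sink, int()/float() as sanitizers) are assumptions chosen for the demonstration, and the three analyzed snippets are constructed: the page's vulnerable query ported to Python, the parameterized fix, and a sanitized variant that a naive analyzer without sanitizer knowledge would flag, which is the kind of false positive mentioned in the cons below. The pass is a straight-line forward walk with no path merging at branches.

```python
"""Toy taint analysis for SQL injection over Python source (added example, not PVS-Studio code)."""
import ast

# Assumed conventions for the demonstration (not a real tool's configuration).
SOURCE_ATTRS = frozenset({"form", "args", "cookies"})   # request.form[...] etc. are attacker-controlled
SINK_METHODS = frozenset({"execute", "executemany"})    # cursor.execute(<sql text>, params)
DEFAULT_SANITIZERS = frozenset({"int", "float"})        # calls whose result has a safe shape


class TaintAnalyzer(ast.NodeVisitor):
    """Forward pass over straight-line code that tracks which names hold tainted data."""

    def __init__(self, sanitizers=DEFAULT_SANITIZERS):
        self.sanitizers = sanitizers
        self.tainted = set()   # names currently bound to attacker-controlled data
        self.findings = []     # (line number, source text of the tainted sink argument)

    def is_source(self, node):
        # Matches request.form["name"], request.args["q"], ...
        return (isinstance(node, ast.Subscript)
                and isinstance(node.value, ast.Attribute)
                and isinstance(node.value.value, ast.Name)
                and node.value.value.id == "request"
                and node.value.attr in SOURCE_ATTRS)

    def is_tainted(self, node):
        if self.is_source(node):
            return True
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, (ast.Subscript, ast.Attribute)):
            return self.is_tainted(node.value)
        if isinstance(node, ast.JoinedStr):          # f"... {name} ..."
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.BinOp):              # "..." + name, "..." % name
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in self.sanitizers:
                return False                         # int(x): the result is a plain integer
            receiver = [func.value] if isinstance(func, ast.Attribute) else []
            # Taint flows through "...{}".format(name), name.strip(), str(name), ...
            return any(self.is_tainted(a) for a in receiver + node.args)
        return False                                 # constants and anything not modelled

    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name):
                if self.is_tainted(node.value):
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)  # reassignment with clean data clears taint
        self.generic_visit(node)

    def visit_AugAssign(self, node):                 # sql += name
        if isinstance(node.target, ast.Name) and self.is_tainted(node.value):
            self.tainted.add(node.target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr in SINK_METHODS and node.args:
            # Only the SQL text is the sink; values passed as query parameters are safe.
            if self.is_tainted(node.args[0]):
                self.findings.append((node.lineno, ast.unparse(node.args[0])))
        self.generic_visit(node)


def find_sql_injection(source, sanitizers=DEFAULT_SANITIZERS):
    """Return [(line, expression)] for every SQL sink fed by tainted data."""
    analyzer = TaintAnalyzer(sanitizers)
    analyzer.visit(ast.parse(source))
    return analyzer.findings


# Constructed samples. VULNERABLE is the article's C# example ported to Python.
VULNERABLE = '''
def process_request(request, cursor):
    name = request.form["name"]
    sql = f"SELECT * FROM Users WHERE name='{name}'"
    cursor.execute(sql)
'''

# The fix: the user value travels as a bound parameter, never as part of the SQL text.
FIXED = '''
def process_request(request, cursor):
    name = request.form["name"]
    cursor.execute("SELECT * FROM Users WHERE name = %s", (name,))
'''

# int() makes the value safe to concatenate; an analyzer unaware of sanitizers reports a false positive here.
SANITIZED = '''
def process_request(request, cursor):
    user_id = int(request.form["id"])
    cursor.execute("SELECT * FROM Users WHERE id = " + str(user_id))
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("fixed", FIXED), ("sanitized", SANITIZED)):
        print(label, find_sql_injection(src))
    print("sanitized, no sanitizer knowledge:", find_sql_injection(SANITIZED, sanitizers=frozenset()))
```

The last call shows why real analyzers ship with a catalogue of sanitizers and let users extend it: with the sanitizer set emptied, the `int()` call is no longer recognized as cleansing and the same sink is reported, even though the query cannot be injected.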

Pros and cons of SAST

Pros:

  • points to the exact line where a potential vulnerability may occur and, because it works with the source code, can suggest how to fix it;
  • doesn't require running the application;
  • covers the entire codebase of an application, including code paths that tests never reach;
  • helps implement the shift-left principle by finding weaknesses before the code is deployed.

Cons:

  • issues false positives that must be triaged by hand;
  • can't analyze libraries and frameworks whose source code is unavailable, so it sees only the calls into them;
  • is tied to specific programming languages: a tool must support every language used in the codebase.
