
Static Application Security Testing (SAST)

30 Sep 2022

What is SAST?

Static Application Security Testing (SAST) is a set of technologies that analyze a program's source code for security defects. The analysis searches the code for fragments that may contain potential vulnerabilities.

A potential vulnerability is a bug that could be exploited to compromise the system or disrupt its logic. Once an attacker has actually exploited such a security weakness, it becomes a real vulnerability. Read more about potential vulnerabilities here.

SAST helps find potential vulnerabilities at the early stages of software development. It is part of the Secure Software Development Life Cycle (Secure SDLC) and of the DevSecOps pipeline.

Here are some of the weaknesses that SAST tools look for:

  • code that passes data entered by a user straight into a sensitive operation (the root cause of, for example, XSS, SQLI, XXE and path traversal);
  • use of outdated versions of cryptographic protocols;
  • passwords hard-coded in the source, etc.

You can find the most common and dangerous vulnerabilities in the OWASP Top 10 list.

To understand how SAST works, let's look at how an SQL injection is detected:

// Handler that builds an SQL query from a form field supplied by the client.
void ProcessRequest(HttpRequest request)
{
  // Taint source: the value comes straight from the HTTP request.
  string name = request.Form["name"];

  // The untrusted value is interpolated into the SQL text.
  string sql = $"SELECT * FROM Users WHERE name='{name}'";
  // Taint sink: the tainted string becomes the command that is executed.
  using (var command = new SqlCommand(sql, _connection))
  {
    ....
  }
  ....
}

Here an SQL query is built from data entered by a user. Such an approach is dangerous because external data may be attacker-controlled: instead of the value we expect (in this case, a name), a user may pass an SQL fragment, and executing the resulting query is then dangerous. Depending on the injected SQL, it can lead to deleting tables or the entire database, extracting an arbitrary number of records, etc.

SAST tools find this vulnerability with the help of taint analysis. A SAST solution assumes that external data (a taint source) may be compromised. The analyzer tracks the tainted data through assignments and string operations and warns the developer when it reaches a sensitive operation (a taint sink), here the constructor of the SQL command. This means that such a command can be dangerous to execute, and the code contains a security weakness.
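To make the source/sink tracking concrete, here is a deliberately small taint analyzer, added as an example and not part of the original article or of PVS-Studio's implementation. It is written in Python rather than C# so that it can run stand-alone: it walks the AST of the code under test, treats the assumed Flask-style `request.form`/`request.args`/`request.cookies` as sources, `cursor.execute` as a sink and `int`/`float` as sanitizers, and propagates taint through assignments, f-strings, `+`/`%` concatenation and `.format()` calls. The analyzed code (`SAMPLE`) is constructed for the example; it contains a Python counterpart of the article's C# snippet, a parameterized variant, a sanitized value and a `%`-formatted query, so the output also shows which of these the analyzer does not flag and why. Real SAST tools go much further (interprocedural data flow, alias analysis, many more sources, sinks and sanitizers), but the principle is the same.

```python
import ast

# Taint sources: attribute chains that yield attacker-controlled input.
# These are assumed names for a Flask-style `request` object.
SOURCES = {"request.form", "request.args", "request.cookies"}
# Taint sinks: calls whose first positional argument is interpreted as SQL.
SINKS = {"cursor.execute", "cursor.executemany"}
# Calls whose result is considered clean regardless of their input.
SANITIZERS = {"int", "float"}


class TaintAnalyzer(ast.NodeVisitor):
    """Intraprocedural taint tracking: names assigned from a source become
    tainted, taint propagates through string building, and a sink whose SQL
    text argument is tainted is reported as a finding."""

    def __init__(self):
        self.tainted = set()   # names currently holding tainted values
        self.findings = []     # (line, sink name, tainted expression)

    @staticmethod
    def dotted(node):
        """Return 'a.b.c' for an attribute chain rooted at a Name, else None."""
        parts = []
        while isinstance(node, ast.Attribute):
            parts.append(node.attr)
            node = node.value
        if isinstance(node, ast.Name):
            parts.append(node.id)
            return ".".join(reversed(parts))
        return None

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Attribute):
            # request.form itself, or an attribute of a tainted value
            return self.dotted(node) in SOURCES or self.is_tainted(node.value)
        if isinstance(node, ast.Subscript):
            # request.form["name"], or indexing into a tainted value
            return self.is_tainted(node.value)
        if isinstance(node, ast.JoinedStr):
            # f-string: tainted if any interpolated value is tainted
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.BinOp):
            # "..." + name  and  "..." % name
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.Call):
            if self.dotted(node.func) in SANITIZERS:
                return False
            # "...".format(name), request.form.get("name"), str(name), ...
            return (self.is_tainted(node.func)
                    or any(self.is_tainted(a) for a in node.args))
        return False

    def visit_FunctionDef(self, node):
        self.tainted = set()   # intraprocedural: each function starts clean
        self.generic_visit(node)

    def visit_Assign(self, node):
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if tainted:
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)  # clean reassignment kills taint
        self.generic_visit(node)

    def visit_Call(self, node):
        name = self.dotted(node.func)
        # Only the SQL text is a sink: bound parameters (second argument) are
        # handed to the driver separately and are never parsed as SQL.
        if name in SINKS and node.args and self.is_tainted(node.args[0]):
            self.findings.append((node.lineno, name, ast.unparse(node.args[0])))
        self.generic_visit(node)


def analyze(source):
    """Run the analyzer over Python source text and return its findings."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings


# Constructed sample input: a Python counterpart of the article's C# snippet,
# a parameterized version, a sanitized value, and a %-formatted query.
SAMPLE = '''\
def process_request(request, cursor):
    name = request.form["name"]
    sql = f"SELECT * FROM Users WHERE name='{name}'"
    cursor.execute(sql)

def process_request_safe(request, cursor):
    name = request.form["name"]
    cursor.execute("SELECT * FROM Users WHERE name = %s", (name,))

def process_id(request, cursor):
    user_id = int(request.form["id"])
    cursor.execute("SELECT * FROM Users WHERE id = " + str(user_id))

def search(request, cursor):
    q = request.args.get("q")
    query = "SELECT * FROM Users WHERE name LIKE '%s'" % q
    cursor.execute(query)
'''

if __name__ == "__main__":
    for line, sink, expr in analyze(SAMPLE):
        print(f"line {line}: tainted value '{expr}' reaches SQL sink {sink}")
```

Running the script reports lines 4 and 17 of `SAMPLE`: the f-string and the `%`-formatted query both carry request data into the SQL text. `process_request_safe` is not reported because the tainted `name` is passed as a bound parameter, not as part of the query string, and `process_id` is not reported because `int()` is treated as a sanitizer. Note that the sanitizer list is exactly where false negatives creep in: if `str` were listed there by mistake, the analyzer would lose the taint on every stringified value.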

Pros and cons of SAST

Pros:

  • pinpoints the exact place where a potential vulnerability may occur and, because it works with the source code, can suggest how to fix it;
  • doesn't require running the application;
  • covers the entire codebase of an application;
  • helps implement the shift-left principle.

Cons:

  • produces false positives;
  • doesn't analyze libraries and frameworks whose source code is not available;
  • depends on the programming language.
