Static Application Security Testing (SAST) is a set of technologies designed to analyze application source code, binaries, and byte code in a non-running state, revealing security vulnerabilities that make mobile applications susceptible to attacks. SAST scans an application before the code is compiled. It is also known as white-box testing. It detects critical vulnerabilities within systems, such as SQL injection, buffer overflow, and cross-site scripting.
SAST takes place very early in the software development life cycle (SDLC), as it does not require a working application and can run without the code being executed. It helps developers identify vulnerabilities in the initial stages of development and resolve them quickly, so that they are not carried into the final release of the application. SAST tools give developers real-time feedback as they code, helping them fix issues before the code moves to the next phase of the SDLC. These tools examine the source code, or the binaries, line by line, and also provide graphical representations of the issues found. In short, SAST products scan the source code to identify vulnerabilities, produce reports, and in some cases even propose code fixes for the vulnerabilities they find.