Static Application Security Testing (SAST)
When developing a new product or application there is always a possibility of vulnerabilities arising. Through SAST, that risk is mitigated in the early phases of development!
DEFINITION
Static Application Security Testing, also called SAST, is considered one of the primary security reviews that MUST be performed before a new product or new code is deployed to production.
Through this type of test, vulnerabilities, bugs and security hotspots are identified by automatic scanners and forwarded to developers so they can apply the necessary corrections.
By addressing security issues early in the development phase, the cost is far lower than that of a successful attack or of patching in production.
Goals
- Identify vulnerabilities, bugs and security hotspots present in code in the development or production phases;
- Provide an overview of code security;
- Help integrate security into the early stages of the Software Development Lifecycle;
- Among others...
Main benefits
Compliance with Security Standards
Code Quality Management
Applied in Large Scale Projects
Less rework for developers
METHODOLOGY
Here at CyberX, we work closely with our clients to ensure their goals are met! To that end, we model our SAST procedures to adapt as closely as possible to the characteristics of each client and business area. Below we present one of the methodologies we follow to perform our tests:
Tool choice
Infrastructure Creation
Tool Customization
Definition of assets
Analysis of Results
Mitigations