Static Application Security Testing

GPTKB entity

Statements (49)
Predicate Object
gptkbp:instanceOf security testing methodology
gptkbp:abbreviation gptkb:SAST
gptkbp:analyzes code without executing
gptkbp:canAutomate yes
gptkbp:category white-box testing
gptkbp:compatibleWith unbuilt or undeployed code (no running application required)
gptkbp:complement gptkb:Dynamic_Application_Security_Testing
gptkb:Interactive_Application_Security_Testing
gptkbp:contrastsWith gptkb:Dynamic_Application_Security_Testing
gptkbp:detects gptkb:cross-site_scripting
SQL injection
buffer overflows
hardcoded credentials
information leakage
code quality issues
insecure dependencies (usually through a bundled software composition analysis component rather than static analysis of the code itself)
gptkbp:focusesOn application binaries
bytecode analysis
source code analysis
gptkbp:goal improve software security
reduce vulnerabilities early
https://www.w3.org/2000/01/rdf-schema#label Static Application Security Testing
gptkbp:integratesWith CI/CD pipelines
version control systems
gptkbp:limitation cannot detect runtime vulnerabilities (flaws that only appear with the deployed configuration or live application state)
may produce false positives that need manual triage
gptkbp:output remediation guidance
security reports
vulnerability findings
gptkbp:performedBy developers
security analysts
gptkbp:purpose identify security vulnerabilities
gptkbp:recommendation gptkb:OWASP
gptkb:NIST
gptkbp:relatedTo gptkb:Secure_SDLC
gptkb:DevSecOps
code review
software assurance
gptkbp:scope configuration files
application source code
third-party libraries
gptkbp:usedIn software development lifecycle
gptkbp:uses gptkb:Checkmarx
gptkb:Coverity
gptkb:SonarQube
gptkb:Veracode
gptkb:Fortify
gptkbp:bfsParent gptkb:SAST
gptkbp:bfsLayer 5
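Added illustration of the statements above (not part of the GPTKB entity, and not code from Checkmarx, Coverity, SonarQube, Veracode or Fortify): a toy SAST pass in Python that parses source with the standard `ast` module and never executes it, propagates taint from untrusted sources to SQL sinks to report SQL injection, flags hardcoded credentials by variable name, and deliberately shows the false-positive limitation (a variable called `password_prompt` holding UI text). The source list (`input()`, `request.*.get()`), the sink list (`execute`, `executemany`), the credential name pattern and the sample program are all constructed assumptions for this demo.

```python
import ast
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


# Assumed rule set for the demo; real tools ship thousands of such rules.
SQL_SINKS = {"execute", "executemany"}  # DB-API cursor methods
CRED_NAME = re.compile(r"password|passwd|secret|api_key|token", re.IGNORECASE)


def _root_name(node):
    """Leftmost Name of an attribute chain such as request.args.get."""
    while isinstance(node, ast.Attribute):
        node = node.value
    return node.id if isinstance(node, ast.Name) else None


def _is_source(call):
    """Assumed untrusted sources: input() and request.<x>.get()/getlist()."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id == "input"
    if isinstance(func, ast.Attribute) and func.attr in {"get", "getlist"}:
        return _root_name(func.value) == "request"
    return False


def _expr_tainted(expr, tainted):
    """Tainted if any sub-node is a tainted Name or a call to a source."""
    for node in ast.walk(expr):
        if isinstance(node, ast.Name) and node.id in tainted:
            return True
        if isinstance(node, ast.Call) and _is_source(node):
            return True
    return False


def _tainted_names(tree):
    """Flow-insensitive taint propagation over plain assignments, to a fixed point."""
    tainted = set()
    changed = True
    while changed:
        changed = False
        for node in ast.walk(tree):
            if isinstance(node, ast.Assign) and _expr_tainted(node.value, tainted):
                for target in node.targets:
                    if isinstance(target, ast.Name) and target.id not in tainted:
                        tainted.add(target.id)
                        changed = True
    return tainted


def _check_sql_sinks(tree, tainted, findings):
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in SQL_SINKS and node.args):
            continue
        query = node.args[0]
        if isinstance(query, ast.Constant):
            continue  # literal SQL text; user data, if any, is bound as a parameter
        if _expr_tainted(query, tainted):
            findings.append(Finding("sql-injection", node.lineno,
                                    f"untrusted data reaches {node.func.attr}()"))


def _check_credentials(tree, findings):
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str) and node.value.value):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and CRED_NAME.search(target.id):
                findings.append(Finding("hardcoded-credential", node.lineno,
                                        f"string literal assigned to {target.id}"))


def scan_source(source: str) -> List[Finding]:
    tree = ast.parse(source)  # parse only: the scanned program is never run
    findings: List[Finding] = []
    _check_sql_sinks(tree, _tainted_names(tree), findings)
    _check_credentials(tree, findings)
    return sorted(findings, key=lambda f: f.line)


# Constructed sample (not a real project): two true positives, one false positive, one safe query.
SAMPLE = '''\
from flask import request

DB_PASSWORD = "hunter2"                   # hardcoded credential: true positive
password_prompt = "Enter your password:"  # UI text, but the name matches: false positive

def lookup(conn):
    user = request.args.get("user")
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM users WHERE name = '{user}'")   # tainted f-string
    query = "SELECT * FROM users WHERE name = " + user
    cur.execute(query)                                          # tainted via variable
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))  # parameterized: not flagged
    return cur.fetchall()
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(f"{finding.rule:21} line {finding.line:2}: {finding.detail}")
```

Running the module reports the credential on line 3, the false positive on line 4 and the two injection sinks on lines 9 and 11 of the sample, while the parameterized query on line 12 is not reported. The analysis is flow-insensitive and intraprocedural on purpose: it shows why this class of tool cannot see runtime state and why its findings need triage.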