Static Application Security Testing
GPTKB entity
Statements (49)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
security testing methodology
|
| gptkbp:abbreviation |
gptkb:SAST
|
| gptkbp:analyzes |
code without executing
|
| gptkbp:canAutomate |
yes
|
| gptkbp:category |
white-box testing
|
| gptkbp:compatibleWith |
running application
|
| gptkbp:complement |
gptkb:Dynamic_Application_Security_Testing
gptkb:Interactive_Application_Security_Testing |
| gptkbp:contrastsWith |
gptkb:Dynamic_Application_Security_Testing
|
| gptkbp:detects |
gptkb:cross-site_scripting
SQL injection buffer overflows hardcoded credentials information leakage code quality issues insecure dependencies |
| gptkbp:focusesOn |
application binaries
bytecode analysis source code analysis |
| gptkbp:goal |
improve software security
reduce vulnerabilities early |
| https://www.w3.org/2000/01/rdf-schema#label |
Static Application Security Testing
|
| gptkbp:integratesWith |
CI/CD pipelines
version control systems |
| gptkbp:limitation |
cannot detect runtime vulnerabilities
may produce false positives |
| gptkbp:output |
remediation guidance
security reports vulnerability findings |
| gptkbp:performedBy |
developers
security analysts |
| gptkbp:purpose |
identify security vulnerabilities
|
| gptkbp:recommendation |
gptkb:OWASP
gptkb:NIST |
| gptkbp:relatedTo |
gptkb:Secure_SDLC
gptkb:DevSecOps code review software assurance |
| gptkbp:scope |
configuration files
application source code third-party libraries |
| gptkbp:usedIn |
software development lifecycle
|
| gptkbp:uses |
gptkb:Checkmarx
gptkb:Coverity gptkb:SonarQube gptkb:Veracode gptkb:Fortify |
| gptkbp:bfsParent |
gptkb:SAST
|
| gptkbp:bfsLayer |
5
|