Static Application Security Testing
GPTKB entity
Statements (49)
Predicate | Object |
---|---|
gptkbp:instanceOf | security testing methodology |
gptkbp:abbreviation | gptkb:SAST |
gptkbp:analyzes | code without executing |
gptkbp:canAutomate | yes |
gptkbp:category | white-box testing |
gptkbp:compatibleWith | running application |
gptkbp:complement | gptkb:Dynamic_Application_Security_Testing, gptkb:Interactive_Application_Security_Testing |
gptkbp:contrastsWith | gptkb:Dynamic_Application_Security_Testing |
gptkbp:detects | gptkb:cross-site_scripting, SQL injection, buffer overflows, hardcoded credentials, information leakage, code quality issues, insecure dependencies |
gptkbp:focusesOn | application binaries, bytecode analysis, source code analysis |
gptkbp:goal | improve software security, reduce vulnerabilities early |
https://www.w3.org/2000/01/rdf-schema#label | Static Application Security Testing |
gptkbp:integratesWith | CI/CD pipelines, version control systems |
gptkbp:limitation | cannot detect runtime vulnerabilities, may produce false positives |
gptkbp:output | remediation guidance, security reports, vulnerability findings |
gptkbp:performedBy | developers, security analysts |
gptkbp:purpose | identify security vulnerabilities |
gptkbp:recommendation | gptkb:OWASP, gptkb:NIST |
gptkbp:relatedTo | gptkb:Secure_SDLC, gptkb:DevSecOps, code review, software assurance |
gptkbp:scope | configuration files, application source code, third-party libraries |
gptkbp:usedIn | software development lifecycle |
gptkbp:uses | gptkb:Checkmarx, gptkb:Coverity, gptkb:SonarQube, gptkb:Veracode, gptkb:Fortify |
gptkbp:bfsParent | gptkb:SAST |
gptkbp:bfsLayer | 5 |