Static Application Security Testing (SAST)
GPTKB entity
Statements (64)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:printer |
| gptkbp:benefits | May produce false positives. Early detection of security flaws. No need to execute the program. |
| gptkbp:defines | A method of debugging by examining source code before the application is run. |
| gptkbp:examples | Scanning for potential denial of service vulnerabilities. Scanning for potential security issues in web services. Identifying potential security risks in user input handling. Analyzing code for improper error messages. Analyzing code for insecure API usage. Analyzing code for race conditions. Assessing code for cryptographic weaknesses. Checking for insecure communication protocols. Checking for insecure use of cookies. Checking for outdated libraries. Detecting buffer overflows. Detecting improper input validation. Evaluating code for data validation issues. Evaluating code for insecure file uploads. Evaluating code for security misconfigurations. Finding SQL injection vulnerabilities. Identifying hardcoded credentials. Identifying insecure session management. Identifying insecure use of third-party libraries. Reviewing code for insecure data storage. Reviewing code for insecure deserialization. Reviewing code for insecure use of reflection. Reviewing code for proper error handling. Scanning for hardcoded secrets. Scanning for insecure file permissions. Identifying potential security risks in mobile applications. Detecting potential security issues in configuration files. Evaluating code for potential security issues in serverless architectures. Identifying potential security flaws in business logic. Evaluating code for potential security issues in data serialization. Finding vulnerabilities related to session fixation. Analyzing code for potential privilege escalation vulnerabilities. Reviewing code for potential security issues in microservices. Checking for potential security risks in third-party integrations. Analyzing code for potential security issues in cloud applications. Finding vulnerabilities related to insecure API endpoints. Finding vulnerabilities related to insecure logging. Finding cross-site scripting (XSS) vulnerabilities. |
| gptkbp:format | Can generate various report formats. |
| gptkbp:frequency | Can be performed regularly. |
| gptkbp:goal | Improve software security. |
| https://www.w3.org/2000/01/rdf-schema#label | Static Application Security Testing (SAST) |
| gptkbp:integration | Can be integrated into CI/CD pipelines. |
| gptkbp:is_a_tool_for | Checkmarx. Coverity. Veracode. Fortify Static Code Analyzer. SonarQube. |
| gptkbp:is_used_in | Software developers. DevSecOps practices. Security analysts. |
| gptkbp:officialLanguage | Supports multiple programming languages. |
| gptkbp:powerOutput | Reports on code vulnerabilities. |
| gptkbp:purpose | To identify vulnerabilities in the source code. |
| gptkbp:relatedTo | Complementary to Dynamic Application Security Testing (DAST). |
| gptkbp:result | Code quality improvement. Compliance with security standards. |
| gptkbp:technique | Code analysis. White-box testing. |