About: Static application security testing

Property	Value
dbo:abstract	Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing the source code has existed as long as computers have existed, the technique spread to security in the late 90s and the first public discussion of SQL injection in 1998 when Web applications integrated new technologies like JavaScript and Flash. Unlike dynamic application security testing (DAST) tools for black-box testing of application functionality, SAST tools focus on the code content of the application, white-box testing.A SAST tool scans the source code of applications and its components to identify potential security vulnerabilities in their software and architecture.Static analysis tools can detect an estimated 50% of existing security vulnerabilities. In SDLC, SAST is performed early in the development process and at code level, and also when all pieces of code and components are put together in a consistent testing environment. SAST is also used for software quality assurance. even if the many resulting false-positive impede its adoption by developers SAST tools are integrated into the development process to help development teams as they are primarily focusing on developing and delivering software respecting requested specifications. SAST tools, like other security tools, focus on reducing the risk of downtime of applications or that private information stored in applications will not be compromised. For the year of 2018, the Privacy Rights Clearinghouse database shows that more than 612 million records have been compromised by hacking. (en)
dbo:wikiPageID	62778843 (xsd:integer)
dbo:wikiPageLength	13264 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1118130913 (xsd:integer)
dbo:wikiPageWikiLink	dbc:Static_program_analysis dbr:Application_software dbc:Security_testing dbr:Dynamic_application_security_testing dbr:Instrumentation dbr:Interactive_application_security_testing dbr:SQL_injection dbr:Class_(computer_programming) dbr:Lint_(software) dbr:Subroutine dbr:Static_program_analysis dbr:Adobe_Flash_Player dbr:False_positives_and_false_negatives dbr:JavaScript dbr:Software_development_process dbr:Abstract_syntax_tree dbr:Black-box_testing dbr:Code_injection dbr:Code_review dbr:Software_audit_review dbr:Security_testing dbr:White-box_testing
dbp:wikiPageUsesTemplate	dbt:Reflist
dcterms:subject	dbc:Static_program_analysis dbc:Security_testing
rdfs:comment	Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing the source code has existed as long as computers have existed, the technique spread to security in the late 90s and the first public discussion of SQL injection in 1998 when Web applications integrated new technologies like JavaScript and Flash. For the year of 2018, the Privacy Rights Clearinghouse database shows that more than 612 million records have been compromised by hacking. (en)
rdfs:label	Static application security testing (en)
owl:sameAs	wikidata:Static application security testing dbpedia-he:Static application security testing https://global.dbpedia.org/id/Cqt38
prov:wasDerivedFrom	wikipedia-en:Static_application_security_testing?oldid=1118130913&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Static_application_security_testing
is dbo:wikiPageWikiLink of	dbr:Application_security dbr:DevOps dbr:Dynamic_application_security_testing dbr:Interactive_application_security_testing dbr:GrammaTech dbr:Static_program_analysis dbr:John_Jackson_(hacker) dbr:Kiuwan dbr:Semgrep dbr:List_of_tools_for_static_code_analysis dbr:Security_testing dbr:Visual_Expert
is foaf:primaryTopic of	wikipedia-en:Static_application_security_testing