Application Security Testing

[Image: Micro Focus]
Dynamic Application Security Testing
DAST tools automatically scan an application for vulnerabilities, normally from the outside (the way an external user would reach it) and while the application is running.
Static Application Security Testing
SAST tools scan the application’s source code, bytecode or binaries to identify vulnerabilities. Unlike Dynamic Application Security Testing, SAST does not need the application to be running.
SAST tools can be added to your IDE and can be enabled in certain services such as GitLab.
✅ The most significant ability is that it detects the exact location of a security vulnerability, marking the file name and the line of code, so that developers can fix it quickly.
❌ One downside of SAST is that it generates many false positives, which increases investigation time and reduces trust in such tools.
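To make the two SAST points above concrete (exact file and line reporting, and false positives), here is a small added example that is not from the original page or from any SAST product. It implements two toy static checks over a constructed Python source: a naive regex-based scan, and a scan over the parsed syntax tree. Both report `path:line: message`; the regex version also flags a comment and a string literal that merely contain the word `eval`, which is exactly the kind of false positive the text warns about. The file path `app/handlers.py` and the sample source are constructed for the example.

```python
import ast
import re
from typing import List, Tuple

# Constructed sample source standing in for a file a SAST tool would scan.
# The path is hypothetical and is only used in the report output.
SAMPLE_FILE = "app/handlers.py"
SAMPLE_SOURCE = '''\
import subprocess

def run(cmd):
    # never use eval() on user input
    return subprocess.run(cmd, shell=True)

def compute(expr):
    return eval(expr)

def safe_eval_name():
    return "eval"
'''

# A finding is (file path, 1-based line number, message).
Finding = Tuple[str, int, str]


def regex_scan(path: str, source: str) -> List[Finding]:
    """Naive text-based rules: they fire on comments and string literals too."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if re.search(r"\beval\b", line):
            findings.append((path, lineno, "use of eval"))
        if "shell=True" in line:
            findings.append((path, lineno, "subprocess call with shell=True"))
    return sorted(findings, key=lambda f: f[1])


def ast_scan(path: str, source: str) -> List[Finding]:
    """Syntax-aware rules: only real calls are reported, so comments and
    string literals that mention eval do not produce findings."""
    findings: List[Finding] = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Direct call to the builtin eval()
        if isinstance(func, ast.Name) and func.id == "eval":
            findings.append((path, node.lineno, "use of eval"))
        # Any .run(...) call passing shell=True as a literal keyword argument
        elif isinstance(func, ast.Attribute) and func.attr == "run":
            for kw in node.keywords:
                if (kw.arg == "shell"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((path, node.lineno,
                                     "subprocess call with shell=True"))
    return sorted(findings, key=lambda f: f[1])


def false_positive_lines(noisy: List[Finding], precise: List[Finding]) -> List[int]:
    """Lines flagged by the noisy scanner but not by the precise one."""
    precise_lines = {f[1] for f in precise}
    return sorted({f[1] for f in noisy if f[1] not in precise_lines})


def format_report(findings: List[Finding]) -> List[str]:
    """Render findings the way an IDE or CI integration would: path:line: message."""
    return [f"{path}:{lineno}: {msg}" for path, lineno, msg in findings]


if __name__ == "__main__":
    noisy = regex_scan(SAMPLE_FILE, SAMPLE_SOURCE)
    precise = ast_scan(SAMPLE_FILE, SAMPLE_SOURCE)
    print("regex scan:")
    print("\n".join(format_report(noisy)))
    print("ast scan:")
    print("\n".join(format_report(precise)))
    print("false positives from regex scan on lines:",
          false_positive_lines(noisy, precise))
```

The regex scanner flags lines 4, 5, 8 and 11; the syntax-aware scanner flags only lines 5 and 8, so lines 4 (a comment) and 11 (a string literal) are false positives. Real SAST tools apply the same idea at much larger scale, which is why rule precision, not just rule coverage, determines how much triage time a team spends.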