Static Application Security Testing (SAST)
Techopedia Explains Static Application Security Testing (SAST)
SAST is often contrasted with another term that is, in some ways, opposite to it: dynamic application security testing (DAST). The difference between the two is that, with SAST, testers read the source code. They look for logical flaws, such as a loophole in data control, something that a hacker could use to gain access to the system. In DAST, by contrast, testers do not look at the source code but perform behavioral testing instead: they run the application and look for flaws that way.
IT experts also differentiate between the two using the terms "white box testing" and "black box testing." SAST is white box testing because the source code for the application is available and transparent. That is what testers look at. In contrast, DAST is black box testing because the source code is not part of the equation. Instead, black box testers rely solely on the behavior of the application.
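The contrast above, as an added example that is not part of the original article: the same constructed "loophole in data control" is found once by reading the source (SAST, white box) and once by running the code and watching its behavior (DAST, black box). The sample application and the names sast_scan, dast_probe, is_authorized and RECORDS are assumptions made for this illustration.

```python
import ast

# Constructed sample application (hypothetical, not from any real project).
SAMPLE_SOURCE = '''
RECORDS = {"alice": "alice-record", "bob": "bob-record"}

def is_authorized(user, owner):
    return user == owner

def read_record(user, owner):
    if not is_authorized(user, owner):
        raise PermissionError("denied")
    return RECORDS[owner]

def export_record(user, owner):
    # Loophole: data is returned without any authorization check.
    return RECORDS[owner]
'''

def sast_scan(source):
    """White box: parse the source, never run it, and flag every function
    that touches RECORDS without referencing is_authorized."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.FunctionDef):
            continue
        names = {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}
        if "RECORDS" in names and "is_authorized" not in names:
            findings.append((node.name, node.lineno))
    return findings

def dast_probe(source, entry_points=("read_record", "export_record")):
    """Black box: run the application and call each entry point as a user
    who does not own the record; report the ones that still return data."""
    app = {}
    exec(compile(source, "<sample>", "exec"), app)  # start the sample app
    findings = []
    for entry in entry_points:
        try:
            app[entry]("bob", "alice")  # bob asks for alice's record
        except PermissionError:
            continue  # access control held
        findings.append(entry)
    return findings

if __name__ == "__main__":
    print("SAST findings (function, line):", sast_scan(SAMPLE_SOURCE))
    print("DAST findings (entry point):   ", dast_probe(SAMPLE_SOURCE))
```

The static scan reports a source line number without executing anything, while the dynamic probe can only name the entry point that misbehaved and only for the entry points it was told to exercise.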