Static Application Security Testing (SAST)
Techopedia Explains Static Application Security Testing (SAST)
SAST is often contrasted with another term that is, in some ways, opposite to it: dynamic application security testing (DAST). The difference between these two is that, with SAST, testers read the source code. They look for logical flaws, such as a loophole in data control, something that a hacker could use to gain access to the system. In contrast, in DAST, testers do not look at the source code but perform behavioral testing instead: they run the application and look for flaws that way.

IT experts also differentiate between the two using the terms "white box testing" and "black box testing." SAST is white box testing because the source code for the application is available and transparent. That is what testers look at. In contrast, DAST is black box testing because the source code is not part of the equation. Instead, black box testers rely solely on the behavior of the application.
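
As an added illustration (not Techopedia's code), the Python sketch below applies both approaches to one constructed sample: `sast_scan` reads the source through the `ast` module without running it, while `dast_probe` runs the code and judges it only by its behaviour. The sample application, all function names and the single rule checked are assumptions made for this example.

```python
import ast
import sqlite3

# Constructed sample application source (not from any real project).
SAMPLE_APP = '''
def find_user(db, name):
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def find_user_safe(db, name):
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
'''

def _is_dynamic_string(node):
    """True if the expression builds a string at run time (concat, %, f-string, .format)."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")

def sast_scan(source):
    """White box: read the source, never run it. Returns (function, line) findings."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        for node in ast.walk(func):
            if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "execute" and node.args
                    and _is_dynamic_string(node.args[0])):
                findings.append((func.name, node.lineno))
    return findings

def dast_probe(handler):
    """Black box: run the handler with an apostrophe in the input and watch its behaviour."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice')")
    try:
        handler(db, "o'brien")
        return "ok"
    except sqlite3.OperationalError:
        return "sql error"  # the input was parsed as SQL syntax, not as data

namespace = {}
exec(SAMPLE_APP, namespace)  # load the constructed sample so the probe can call it
if __name__ == "__main__":
    print(sast_scan(SAMPLE_APP))
    print(dast_probe(namespace["find_user"]), dast_probe(namespace["find_user_safe"]))
```

The static scan points at the exact function and line to fix; the dynamic probe only reports that the running code misbehaved, which is the white box versus black box distinction in practice.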