Scribd Logo
Upload

Welcome to Scribd!

  • Sast & Dast: How Does SAST Work?

    Uploaded by

    Victor
    23 views2 pages
    SAST tools scan application code without running it to detect vulnerabilities. There are six key steps to implement SAST: 1) select a tool, 2) deploy scanning infrastructure, 3) customize the tool, 4) prioritize applications, 5) analyze results, and 6) provide governance and training. SAST works by using static code analysis to check source code for flaws based on predetermined rules to find issues like SQL injections and input validation problems.

    Original Description:

    Original Title

    Sast and Dast

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    SAST tools scan application code without running it to detect vulnerabilities. There are six key steps to implement SAST: 1) select a tool, 2) deploy scanning infrastructure, 3) customize the tool, 4) prioritize applications, 5) analyze results, and 6) provide governance and training. SAST works by using static code analysis to check source code for flaws based on predetermined rules to find issues like SQL injections and input validation problems.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views2 pages

    Sast & Dast: How Does SAST Work?

    Uploaded by

    Victor
    SAST tools scan application code without running it to detect vulnerabilities. There are six key steps to implement SAST: 1) select a tool, 2) deploy scanning infrastructure, 3) customize the tool, 4) prioritize applications, 5) analyze results, and 6) provide governance and training. SAST works by using static code analysis to check source code for flaws based on predetermined rules to find issues like SQL injections and input validation problems.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    SAST & DAST

    SAST
    SAST tools scan your application’s code in a non-running state (before the code is
    compiled).
    SAST tools are some of the most used and essential security testing tools that
    DevSecOps teams can use in their workflow.
    There are 6 simple steps needed to perform SAST efficiently in organizations that
    have a very large number of applications:
    1. Finalize the tool
    It consists of selecting a static analysis tool that can perform code reviews
    of applications written in the programming languages you use.
    The tool should also be able to comprehend the underlying framework used
    by your software.
    2. Create the scanning infrastructure and deploy the tool.
    3. Customize the tool
    Fine-tune the tool to suit the needs of the organization.
    4. Prioritize onboard applications
    Once the tool is ready, onboard your applications. If you have a large
    number of applications, prioritize the high-risk applications to scan first.
    5. Analyze scan results
    This step involves triaging the results of the scan to remove false positives.
    Once the set of issues is finalized, they should be tracked and provided to
    the deployment teams for proper and timely remediation.
    6. Provide governance and training
    SAST should be incorporated as part of your application development and
    deployment process.

    How does SAST work?


    SAST is usually implemented at the coding and testing stages of development.
    The working mechanism behind SAST is that a static code analysis tool is used to
    check the source code for design and coding flaws that could make an application
    vulnerable.
    While analyzing the source code, the SAST tool will identify several issues ranging
    from programming errors, unsanitized input processing, vulnerable constructs,
    and so on.
    SAST scans are based on a set of predetermined rules that define the coding
    errors in the source code that need to be addressed and assessed.

    Kinds of vulnerabilities that SAST tools can detect:


    • SQL injections,
    • Input validation attacks,
    • Stack buffer overflows,
    • Integer overflows.

    Source: https://www.perforce.com/blog/kw/what-is-sast

    You might also like