Overview
SAST (Static Application Security Testing, often called 'white-box testing') lets developers find security flaws early in the development cycle. Because it analyses the source code itself rather than the running application, it can point to the exact line where a vulnerability exists.
What SAST Detects
- SQL Injection and Cross-Site Scripting (XSS) patterns.
- Buffer overflows and memory leaks.
- Hardcoded credentials and secrets.
- Use of insecure cryptographic algorithms.
- Violations of secure coding standards.
Pros and Cons
- Pros: Finds vulnerabilities early; provides high code coverage; identifies the root cause.
- Cons: Can produce many false positives; cannot find runtime or configuration issues; requires access to source code.
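To make the detection list and the false-positive caveat concrete, here is a small added example (not the page's or any vendor's code) of an AST-based checker written in the style of a SAST rule set: it reports the exact source line for three of the pattern classes above and, on the constructed sample, also flags a harmless prompt string, exactly the kind of false positive listed under Cons. The rule names, the credential-name regex and the sample code are assumptions constructed for this illustration.

```python
import ast
import re

# Rule inputs (constructed for this illustration, not a real product's rule set)
CRED_NAME = re.compile(r"passw(or)?d|secret|api_?key|token", re.I)
WEAK_HASHES = {"md5", "sha1"}
SQL_SINKS = {"execute", "executemany"}


class Checker(ast.NodeVisitor):
    # Walks the AST and records (line, rule_id) for each matched pattern.
    def __init__(self):
        self.findings = []

    def visit_Assign(self, node):
        # Hardcoded secret: a string literal stored in a credential-like name.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and CRED_NAME.search(target.id):
                    self.findings.append((node.lineno, "HARDCODED_SECRET"))
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        # SQL injection: a query assembled at runtime (concatenation or f-string)
        # handed straight to a database sink instead of a parameterised query.
        if name in SQL_SINKS and node.args and isinstance(node.args[0], (ast.BinOp, ast.JoinedStr)):
            self.findings.append((node.lineno, "SQL_INJECTION"))
        # Insecure crypto: hashlib.md5 / hashlib.sha1 calls.
        if name in WEAK_HASHES and isinstance(func, ast.Attribute) and getattr(func.value, "id", "") == "hashlib":
            self.findings.append((node.lineno, "WEAK_HASH"))
        self.generic_visit(node)


def scan(source):
    # Return sorted (line, rule_id) findings for a Python source string.
    checker = Checker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings)


# Constructed sample under test; line 3 is a deliberate false positive
# (a prompt string, not a secret) of the kind the Cons list warns about.
SAMPLE = """\
import hashlib
DB_PASSWORD = "hunter2"
PASSWORD_PROMPT = "Enter your password:"
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
    return hashlib.md5(name.encode()).hexdigest()
"""
```

Running `scan(SAMPLE)` reports lines 2, 3, 5 and 7; line 6, the parameterised query, is correctly left alone, while line 3 shows why a triage step is needed before findings are treated as confirmed vulnerabilities.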