What is SAST? | Fluid Attacks Help

Static application security testing (SAST) is a security testing technique for identifying security vulnerabilities in an application's source code.

Unlike dynamic application security testing (DAST), which examines the application during runtime, SAST examines the code itself before compilation or execution. This allows developers to identify and address vulnerabilities early in the software development lifecycle (SDLC), reducing the risk of costly remediation efforts later on.

Fluid Attacks' static analysis is recommended by the App Defense Alliance Cloud Application Security Assessment (CASA) framework. This recognition underscores its effectiveness in verifying that software is secure for its users. Furthermore, it has achieved a true positive rate of 100% and a false positive rate of 0% against the OWASP Benchmark, a widely recognized standard for evaluating security testing tools. This means that Fluid Attacks' AppSec testing tool accurately identifies real vulnerabilities without raising false alarms, ensuring efficient and reliable security analysis.

To learn more about Fluid Attacks' SAST capabilities, refer to the following resources in this Knowledge Base:

  1. Supported languages, frameworks and files in SAST: Discover the extensive range of programming languages supported by the static analysis tool. This way you can assess its compatibility with your specific development environment and technology stack.
  2. Security requirements by language: Understand the comprehensive set of security requirements that form the basis of Fluid Attacks' SAST scans. This page and the pages linked therein inform you of the types of vulnerabilities the tool can detect and the security standards it verifies in your code.
  3. Configure the tests by the standalone scanner: Perform SAST, among other techniques, with Fluid Attacks' free and open-source command-line interface (CLI) tool.
  4. Sign up to Fluid Attacks: Start the free trial of Fluid Attacks' SAST and other automated techniques, in which the scanner is configured for you to continuously monitor your system's security as you develop, and Fluid Attacks provides you with reports, analytics, and remediation suggestions on its platform.