SAST
Security testing that analyzes source code (or compiled bytecode) without executing it, looking for code patterns that indicate vulnerabilities, such as untrusted input flowing into a SQL query or a command string. Major tools: Semgrep, Checkmarx, Veracode, Fortify, SonarQube, Snyk Code, GitHub CodeQL.
More from Application Security
SQL Injection (SQLi)
Vulnerability where untrusted input is included in SQL queries without proper parameterization. Classic OWASP Top 10 issue. Mitigated by parameterized queries / prepared statements, ORM usage with safe defaults, and input validation.
Cross-Site Scripting (XSS)
Vulnerability where untrusted content is rendered in a user's browser without proper encoding, allowing attacker-controlled JavaScript to execute in the victim's session context. Stored XSS persists in the database; reflected XSS requires a crafted URL. CSP and context-aware output encoding are the primary mitigations.
Server-Side Request Forgery (SSRF)
Vulnerability where an application can be coerced into making arbitrary HTTP(S) requests on the attacker's behalf. Classic exploitation chain: application SSRF → cloud metadata service (IMDS) → credential theft → cloud account compromise. Mitigated by network egress controls and URL allowlisting.
Remote Code Execution (RCE)
Vulnerability allowing an attacker to execute arbitrary code on a remote system. The highest-severity class of vulnerability. Commonly reached via deserialization flaws, command injection, template injection (SSTI), file upload followed by execution, and memory corruption.
Insecure Direct Object Reference (IDOR)
Vulnerability where an application uses user-supplied input to access resources without proper authorization checks. Classic example: changing ?invoice_id=123 to ?invoice_id=124 and seeing another customer's invoice. Often found via parameter tampering.
DAST
Security testing that runs against a deployed application, probing for vulnerabilities from the outside. Major tools: Burp Suite, OWASP ZAP, Invicti (Netsparker), StackHawk, Detectify. Complementary to SAST.
Apply this to your environment
Our engagements address concepts like SAST in practice: not just definitions, but how the attack patterns apply to your stack and how to remediate.
