Static Application Security Testing (SAST)
SAST tools scan application code (source code, bytecode, or binaries) for vulnerabilities and potential security issues, and assign each weakness a severity level so that remediation can be prioritized.
Dynamic Application Security Testing (DAST)
DAST tools test a running application: they send it malicious inputs and check for vulnerabilities such as cross-site scripting, SQL injection, and OS command injection, as well as for problems with cookie safety, security headers, and content security policies.
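The response-level checks named above (cookie safety, security headers, content security policy) can be shown with a short passive check over one HTTP response. This is an added example, not code from any DAST product; the function names, the list of required headers, and the sample response are assumptions constructed for illustration.

```python
# Added example: passive DAST-style checks on a single HTTP response head.
# REQUIRED_HEADERS and COOKIE_FLAGS are an assumed baseline, not a standard list.
REQUIRED_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
)
COOKIE_FLAGS = ("secure", "httponly", "samesite")

def parse_head(raw):
    """Split a raw response head into (status_line, [(name, value), ...])."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit_response(raw):
    """Return a sorted list of findings for one response."""
    _, headers = parse_head(raw)
    present = {name for name, _ in headers}
    findings = [f"missing header: {h}" for h in REQUIRED_HEADERS if h not in present]
    for name, value in headers:
        if name == "content-security-policy":
            for token in ("'unsafe-inline'", "'unsafe-eval'"):
                if token in value:
                    findings.append(f"weak CSP: allows {token}")
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            for flag in COOKIE_FLAGS:
                if flag not in attrs:
                    findings.append(f"cookie {cookie_name}: no {flag} attribute")
    return sorted(findings)

# Constructed sample response (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Type-Options: nosniff
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax
"""

if __name__ == "__main__":
    for finding in audit_response(SAMPLE):
        print(finding)
```

Each Set-Cookie header is audited separately, so a response can pass for one cookie and fail for another.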
Security Composition Analysis (SCA)
Security composition analysis is a security testing approach that scans the open-source software in application code and identifies security vulnerabilities, problematic OSS licenses, and more. SCA tools also provide a severity score, remediation guidance, and a detailed report to help users quickly mitigate risks.