sast
Safeguard articles tagged "sast" — guides, analysis, and best practices for software supply chain and application security.
267 articles
Finding Vulnerabilities in Source Code: A Practical Method
A concrete, repeatable method for finding vulnerabilities in source code — combining static analysis, dependency scanning, and manual review without drowning your team in false positives.
Application Vulnerability Management: Program Basics
A working definition of application vulnerability management and the five program elements that separate a real practice from a pile of scanner tickets.
Static Source Code Analysis Tools: A Practical Guide
A practical walkthrough of what static source code analysis tools actually check, where they miss, and how to pick one without buying a shelf-ware scanner.
Code Security Review: Manual vs Automated, and Where They Meet
Code security review works best as a combination, not a choice — here's what automated scanning catches, what still needs a human reviewer, and how to structure both.
SQL Injection Detection: How Scanners Actually Find It
SQL injection detected in a scan report can mean very different things depending on whether it came from a static trace or a live dynamic test — here's how each actually works.
Software Security Testing: A Practitioner's Overview
Software security testing spans static analysis, dynamic testing, dependency scanning, and manual review — a practical map of which method catches what, written for people who actually run these programs.
Static Analysis False-Positive Reduction
A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.
What Is a CSRF Token, and How Does It Stop CSRF?
A CSRF token is a random, per-session value a server requires on state-changing requests so a malicious site can't forge one on a logged-in user's behalf.
Semgrep vs CodeQL: SAST Comparison
Compare Semgrep and CodeQL on rule authoring, language coverage, taint analysis, scan time, IDE integration, and pricing to choose the right SAST engine in 2024.
SCA vs SAST vs DAST: Which Do You Actually Need First
Three scanner acronyms, one budget. A spec-level comparison of SCA, SAST, and DAST — what each catches, what each costs to run, and the order that pays off fastest.
OWASP Path Traversal: How It Works and How to Stop It
Path traversal lets an attacker reach files outside a web app's intended directory using sequences like ../../etc/passwd — here's how it works and the fixes that actually close it.
SAST Tool Accuracy Benchmarks 2024: What the Data Actually Shows
Static Application Security Testing tools vary dramatically in accuracy. We analyze detection rates, false positive rates, and language coverage across leading SAST tools using standardized benchmarks.