What is Static Application Security Testing?

Static Application Security Testing, abbreviated SAST and also referred to as white-box testing, is a type of security testing that analyzes an application's source code to determine whether security vulnerabilities exist. SAST solutions look at the application 'from the inside out', without needing to actually compile the code.

Gartner states that "SAST should be a mandatory requirement for all organizations developing applications," and with 80% of attacks aimed at the application layer, according to Gartner, SAST is one of the top ways to ensure your application security is sound.

Because a SAST test looks at the code before it has been compiled and without executing anything, SAST tools can be employed as early in the SDLC (software development lifecycle) as possible to achieve maximum benefit from security testing. Many SAST solutions also scan uncompiled code, making early detection of security vulnerabilities easier and saving up to 100 times the cost of needing to fix bug