Although static analysis of source code has existed as long as computers have, the technique spread to security in the late 90s, around the first public discussion of SQL injection in 1998, when Web applications integrated new technologies like JavaScript and Flash.
A SAST tool scans the source code of an application and its components to identify potential security vulnerabilities in its software and architecture.
For 2018, the Privacy Rights Clearinghouse database[5] shows that more than 612 million records were compromised by hacking.
[7] The precision of a SAST tool is determined by its scope of analysis and the specific techniques used to identify vulnerabilities.
[8] Unlike DAST, SAST tools give developers real-time feedback and help them fix flaws before they pass the code to the next level.
[15][16] Lee Hadlington categorized internal threats into 3 categories: malicious, accidental, and unintentional.
[18] SAST tools run automatically, either at the code level or at the application level, and do not require interaction.
[22] Scanning many lines of code with SAST tools may result in hundreds or thousands of vulnerability warnings for a single application.