We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application security testing (SAST) tools have been an important part of the puzzle to close this education gap and ensure that the code that is going to be pushed to production does not increase risk. But in the 20 years since SAST tools first launched, application development and delivery has accelerated as new technologies, delivery options, and methodologies have been adopted. In the recently published report, The Static Application Security Testing Landscape, Q2 2023, we provide an overview of 22 vendors that kept up with the pace of development with a variety of features and functionalities.
Forrester defines SAST as:
Tools that test and evaluate an application’s proprietary code by examining the code or binary without executing the application. These products analyze the application or source code directly, including APIs and infrastructure configuration files, detecting where in the code security weaknesses exist.
Our research identified three core use cases that organizations are turning to SAST tools to provide:
- Identification of security weaknesses. Security pros must gain a holistic view of the security weaknesses in proprietary code or suffer the consequences of the blind spots.
- DevSecOps. Embed security into the development workflow to identify security weaknesses early and prevent new ones. This isn’t a new goal but is critical to move at the speed of development.
- Remediation. Many of these tools boost developers’ ability to quickly remediate weaknesses, with an added bonus that more productive developers make security an enabler to business success.
To learn more about how SAST functionalities map to the top use cases, the seven additional/extended use cases, and the 22 vendors in this category, check out The Static Application Security Testing Landscape, Q2 2023.
Please schedule an inquiry with me if you’d like to understand more about SAST best practices and the SAST vendor landscape.