Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.
Explore 130 curated cybersecurity tools, with 15,426 visitors searching for solutions
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to build security programs
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.
DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.
A library of string validators and sanitizers.
SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.
Prevents you from committing passwords and other sensitive information to a git repository.
UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
A library for forward compatibility with PHP password functions.
A tool that reveals invisible links within JavaScript files
A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
Find leaked credentials by scanning repositories for high entropy strings.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Argus-SAF is a static analysis framework for security vetting Android applications.
Detects Trojan Source attacks that use Unicode bidi characters to inject malicious code.
A key and secret validation workflow tool built in Rust, supporting over 30 providers and exporting to JSON or CSV.
A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.
ESLint plugin to prevent Trojan Source attacks.
A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
A security feature to prevent unexpected manipulation of fetched resources.
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
Common questions about Static Application Security Testing tools including selection guides, pricing, and comparisons.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
AI security assurance platform for red-teaming, guardrails & compliance
Real-time OSINT monitoring for leaked credentials, data, and infrastructure