---
type: "term"
title: "SAST (Static Application Security Testing)"
description: "A testing methodology that analyzes application source code, bytecode, or binary code for security vulnerabilities without executing the program."
resource: "tlctc:term:sast-static-application-security-testing"
tags:
  - "glossary"
---
# SAST (Static Application Security Testing)

A testing methodology that analyzes application source code, bytecode, or binary code for security vulnerabilities without executing the program. In TLCTC: SAST is a **preventive control** (IDENTIFY/PROTECT) primarily targeting `#2 Exploiting Server` and `#3 Exploiting Client` by identifying implementation flaws before deployment.

See also: DAST, Control, Exploiting Server (#2), Exploiting Client (#3)