in Technology by (1.9m points)
What are the limitation of SAST?

1 Answer

0 votes
by (1.9m points)
Limitation of SAST

Requires access to source code

In case source code is not available then static application security testing cannot be carried out.
Will not uncover issues related to operational deployment

Often there are issues associated with operational state of an application. Static tools cannot uncover such issues.
Large number of false positives

Many a times issues are reported or problems with the logical flow are indicated, but the developer may have taken cautious decision to structure the program in that way.
Not effective to detect configuration related issues

All those static tools do a good job of uncovering many vulnerabilities, but still a large number of vulnerabilities remain hidden.