Chapter 6 – Test Tools
SAST (Static Application Security Testing) – ISTQB Definition
Last Updated: July 12, 2026 · SoftwareTestPilot QA Team
Official ISTQB Definition
The analysis of computer software from within, without executing the program, to detect security vulnerabilities.
In simple words
Security scanning of source code — catches vulnerabilities before running.
Exam tip
Complementary to DAST which tests the running app.
Related terms
- Static Analysis ToolSonarQube, ESLint, SpotBugs — analyzes code without running it and flags problems.
- DAST (Dynamic Application Security Testing)Security scanning of a live system — finds issues SAST can't see.
- Security TestingTrying to break in, leak data, or escalate privileges — before an attacker does.
Practice this term in the ISTQB Mock Test
40 CTFL v4.0 questions, 60-minute timer, instant scoring and chapter-wise breakdown.
Practice in Mock Test