SAST - Code Curmudgeon

SAST is security testing that is done on source, byte-code, or binaries but without actually executing them – thus the “static” testing. Typically this includes things like software metrics, static code analysis and even peer review. SAST provides a white-box or inside view to the application. It can both find possible vulnerabilities and weaknesses by looking for anti-patterns as well as enforcing secure software engineering standards by looking for proper patterns.

Definitioner

CAN (Controller Area Network)

Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.

SAST

SAST is security testing that is done on source, byte-code, or binaries but without actually executing them - thus the "static" testing. Typically this includes things like software metrics, static code analysis and even peer review. SAST provides a white-box or inside view to the application. It can both find possible vulnerabilities and weaknesses by looking for anti-patterns as well as enforcing secure software engineering standards by looking for proper patterns.

peer review (code review)

Code review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality.

static code analysis (4G)

The 4th generation of cellular wireless standards - it's the successor the 3G. There is a vast difference between how carriers interpret and implement 4G at the current time, ranging from HSPA to WiMax to LTE, each has difference performance characteristics. The standard requires peak data rates from 100 Mbit/s for high mobility to 1Gbit/s for low mobility.

static code analysis (early-adopter)

Someone who likes to have the latest and greatest things. They upgrade because something is newer, bigger, faster, has better numbers, etc. Sometimes they're right, but frequently the benefit of the new numbers is not measurable.

static code analysis (pattern-based analysis)

A form of static analysis where patterns of either good or bad code are stored as rules and compared against a code base without executing the code, to find potential violations.

static code analysis (static analysis)

Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.