Static Application Security Testing (SAST)
Protect your technology investment by identifying security vulnerabilities in source code
What is software escrow security testing?
The Escrow London Static Application Security Test (SAST) service is a recommended verification service that analyses software source code (for web and mobile applications) and identifies the security vulnerabilities it contains. As part of an escrow agreement, this service provides additional assurance that potential vulnerabilities can be identified and remedied.
What is the difference between Verification Tests and Static Application Security Tests?
The Escrow London Comprehensive Build Verification and SaaS Release Verification services provide assurance that the deposited source code and materials are usable and complete, while the Static Application Security Test (SAST) identifies whether the source code contains vulnerabilities that may pose a risk to your company.
Why use a Static Application Security Test as part of your escrow strategy?
The Escrow London Static Application Security Test (SAST) provides a detailed report with deep insight into vulnerabilities that may exist within the source code base during the ongoing development phase. Once identified, these vulnerabilities may be rectified before being deployed into the live production environment. If the vulnerability identified cannot be remedied, having visibility of an issue will allow your company to develop mitigation controls.
As an end-user or Beneficiary of a software application, you will not have any insight into security issues that may exist within the source code base of the application that your company relies on. In most circumstances, the developer will not want to provide the Beneficiary with access to the source code to perform their own security testing. Using Escrow London as an independent third party to security test the code will provide the Beneficiary with the comfort that the application is secure while still protecting the intellectual property of the developer.
How does the Static Application Security Test work?
As a leading international supplier of software testing services, Escrow London has access to industry-leading tools that will be used to identify vulnerabilities contained within the deposited source code.
The Escrow London consultants will run the scan on the deposited source code. A report will be issued to the Beneficiary providing a high-level overview of the issues detected. The developer will be provided with a detailed technical report identifying the security vulnerabilities with their associated severity ranking. On a subsequent test, Escrow London will re-test the source code deposit to confirm that the previously identified security issues have been remedied.
How often should we run a Static Application Security Test (SAST)?
This depends on how frequently the source code within the application changes and on the risk the application poses to your business. These security tests may be performed as a one-off or more frequently. Escrow London has developed and recommends a cost-effective approach of performing the Static Application Security Tests on a monthly or quarterly basis to provide additional assurance to the Beneficiary and the developer.