SAST
Static Application Security Testing (SAST) is the process of scanning application source code to find possible vulnerabilities. The term "static" refers to testing the code before it is compiled or executed, looking for programming patterns that could lead to exploitation rather than observing the running application. For example, a SAST tool may find untrusted input being concatenated into a query string and flag it as a possible injection vulnerability. A major downside of SAST is its tendency to produce false positives, since a flagged code pattern may not be a real vulnerability in context.
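The following is an added example, not part of the original page and not taken from any SAST product, showing the pattern-matching idea in miniature: a small checker walks the Python AST of a constructed sample module and flags query strings built by concatenation or f-strings that are passed to a database sink. The sink names (`execute`, `executemany`), the sample module and the `suppress_literal_only` option are all assumptions chosen for illustration. The sample includes a literal-only concatenation so that the naive rule produces exactly the kind of false positive the text describes, and a stricter rule shows one way a tool reduces such noise.

```python
import ast

# Constructed sample input: a small Python module as a SAST tool would read it.
# Line 3 is parameterised (safe), line 6 concatenates a variable, line 9
# concatenates only literals (a false positive for a naive rule), line 12
# interpolates a variable via an f-string.
SAMPLE_SOURCE = '''
def find_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))

def find_user_concat(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")

def list_admins(cursor):
    cursor.execute("SELECT * FROM users " + "WHERE role = 'admin'")

def find_user_fstring(cursor, name):
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
'''

# Assumed sink names: calls that hand a query string to a database driver.
SINK_NAMES = {"execute", "executemany"}


def _is_string_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _literal_only(node):
    """True if the expression is assembled purely from string literals."""
    if _is_string_literal(node):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _literal_only(node.left) and _literal_only(node.right)
    if isinstance(node, ast.JoinedStr):
        # An f-string with no {placeholders} contains only Constant parts.
        return all(isinstance(v, ast.Constant) for v in node.values)
    return False


def _is_dynamic_string(node):
    """Naive rule: any '+' expression or f-string counts as dynamically built."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return True
    return isinstance(node, ast.JoinedStr)


def scan(source, suppress_literal_only=False):
    """Return (line, reason) for each sink call whose first argument is built
    dynamically. With suppress_literal_only=True, expressions made only of
    literals are ignored, removing the most obvious false positives."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in SINK_NAMES:
            continue
        query = node.args[0]
        if not _is_dynamic_string(query):
            continue  # a plain literal with bound parameters is not flagged
        if suppress_literal_only and _literal_only(query):
            continue
        kind = "f-string" if isinstance(query, ast.JoinedStr) else "concatenation"
        findings.append((node.lineno, f"query built by {kind} passed to {name}()"))
    return findings


if __name__ == "__main__":
    print("naive rule:")
    for line, reason in scan(SAMPLE_SOURCE):
        print(f"  line {line}: {reason}")
    print("literal-only concatenation suppressed:")
    for line, reason in scan(SAMPLE_SOURCE, suppress_literal_only=True):
        print(f"  line {line}: {reason}")
```

The naive rule reports lines 6, 9 and 12; line 9 is the false positive, since joining two constant fragments cannot carry attacker input. The stricter rule drops it and keeps lines 6 and 12, but it is still purely syntactic: it never checks whether `name` actually originates from an untrusted source, which is why real tools add taint tracking and why triage of SAST findings remains necessary.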