Case study 1
A software development company was in the process of building a new web application for a client. As part of their development process, they were using a combination of manual code reviews and automated testing tools, including static application security testing (SAST). They had integrated SAST into their development pipeline and were running it regularly to identify potential security vulnerabilities in their code.
During one of their SAST scans, they discovered a critical vulnerability in their application code. The vulnerability was a classic SQL injection flaw that could allow an attacker to execute arbitrary SQL commands on the underlying database. If left unaddressed, this vulnerability could have exposed sensitive customer data and allowed attackers to take control of the application.
Thanks to the early detection provided by SAST, the development team was able to quickly remediate the issue before deploying the application to production. They fixed the vulnerability by implementing...
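To make the finding concrete, here is an added illustration (not the company's code, which the case study does not show): the string-concatenated query that a SAST rule reports, the parameterized replacement that remediates it, and a minimal pattern check of the kind such tools apply. The table, names, sample rows and the scanned snippet are all constructed for this example.

```python
import re
import sqlite3

# Constructed sample data (not from the case study): a tiny in-memory customer table.
ROWS = [(1, "Alice", "alice@example.com"), (2, "O'Brien", "obrien@example.com")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return conn

def lookup_vulnerable(conn, name):
    # The defect SAST reports: caller-supplied text is spliced into the SQL
    # statement, so the database parses it as part of the command.
    query = "SELECT email FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]

def lookup_safe(conn, name):
    # Remediation: a bound parameter keeps the input as a value; the statement
    # text is fixed no matter what the caller passes.
    rows = conn.execute("SELECT email FROM customers WHERE name = ?", (name,))
    return [row[0] for row in rows]

def input_reaches_sql_parser(conn, name):
    # True when the vulnerable query breaks on the input: a plain apostrophe in
    # a legitimate name is enough to show the input is being read as SQL syntax.
    try:
        lookup_vulnerable(conn, name)
        return False
    except sqlite3.OperationalError:
        return True

# A minimal SAST-style rule: a string literal containing a SQL keyword that is
# assembled with +, %, .format() or an f-string. Real tools track data flow from
# request input to the query sink; this only matches the textual pattern.
_KW = r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b"
SQL_BUILT_FROM_VARS = re.compile(
    r"""\bf["'].*""" + _KW + r"""|["'].*""" + _KW + r""".*["']\s*(?:\+|%|\.format\()""",
    re.IGNORECASE,
)

def find_sql_concat(source):
    """Return 1-based line numbers where SQL text is assembled from variables."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if SQL_BUILT_FROM_VARS.search(line)]

# Constructed snippet to scan: line 3 is the flawed pattern, line 7 the safe one.
SAMPLE_SOURCE = '''
def get_user(conn, name):
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def get_user_safe(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()
'''
```

Running find_sql_concat(SAMPLE_SOURCE) reports [3]; lookup_safe handles "O'Brien" correctly while lookup_vulnerable fails on the same name, which is the behaviour the scan finding describes.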