
Application Security - SAST, SCA & DAST
Focus

This guide helps absolute beginners understand:
- What SAST, SCA, and DAST are
- Why we need all three
- How security tools actually find vulnerabilities
- How attackers exploit insecure applications
- How developers should fix issues

You will build, scan, and attack a real application.

Core Concepts (Before Touching Tools)

What is SAST?

Static Application Security Testing
- Scans source code
- Does not run the application
- Finds insecure coding patterns
- Best used early (IDE / Pull Requests)

Examples:
- Hardcoded secrets
- SQL injection patterns
- Command execution risks
- Insecure Deserialization (pickle)
- Arbitrary Code Execution (eval/exec)
- Unsafe YAML Loading (yaml.load)
- Path Traversal (tarfile.extractall)
- Insecure SSL/TLS (verify=False)
- Weak Cryptography (MD5/SHA1 usage)
- Insecure Temp Files (tempfile.mktemp)

Detailed Information

Hardcoded secrets: Storing sensitive data like passwords or API keys directly in your code, where anyone who sees the file can steal them.

SQL injection patterns: Building d
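To make concrete how a SAST tool "scans source code without running it", here is an added example (not code from the guide or from any of the scanners it goes on to cover): a minimal rule engine built on Python's standard-library ast module that flags the patterns in the list above. The rule names, the Finding type and the SAMPLE source it scans are all constructed for this illustration; a real scanner such as Bandit applies many more rules and tracks data flow, which this toy deliberately does not.

```python
"""Minimal AST-based SAST check (added example; not part of the original guide)."""
import ast
import re
from dataclasses import dataclass

# Dotted call names that a rule flags outright (constructed rule table).
DANGEROUS_CALLS = {
    "eval": "arbitrary code execution (eval)",
    "exec": "arbitrary code execution (exec)",
    "pickle.load": "insecure deserialization (pickle)",
    "pickle.loads": "insecure deserialization (pickle)",
    "hashlib.md5": "weak cryptography (MD5)",
    "hashlib.sha1": "weak cryptography (SHA1)",
    "tempfile.mktemp": "insecure temp file (mktemp)",
}
# Variable names that look like they hold credentials.
SECRET_NAME = re.compile(r"(password|passwd|secret|api_key|token)", re.I)


@dataclass
class Finding:
    line: int
    rule: str


def _call_name(node: ast.Call) -> str:
    """Return 'yaml.load' for yaml.load(...), 'eval' for eval(...), or the bare
    method name (e.g. 'extractall') when the receiver is not a plain name."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def _keyword(node: ast.Call, name: str):
    """Return the AST node passed as keyword `name`, or None."""
    for kw in node.keywords:
        if kw.arg == name:
            return kw.value
    return None


def scan_source(source: str) -> list[Finding]:
    """Parse one Python source string and apply every rule; no code is executed."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DANGEROUS_CALLS:
                findings.append(Finding(node.lineno, DANGEROUS_CALLS[name]))
            elif name == "yaml.load":
                # Safe only when a SafeLoader is passed (keyword or 2nd positional).
                loader = _keyword(node, "Loader")
                if loader is None and len(node.args) > 1:
                    loader = node.args[1]
                safe = isinstance(loader, ast.Attribute) and "Safe" in loader.attr
                if not safe:
                    findings.append(Finding(node.lineno, "unsafe YAML loading (yaml.load)"))
            elif name == "extractall":
                findings.append(Finding(node.lineno, "possible path traversal (extractall)"))
            # Any call with verify=False (e.g. requests.get) disables TLS checks.
            verify = _keyword(node, "verify")
            if isinstance(verify, ast.Constant) and verify.value is False:
                findings.append(Finding(node.lineno, "insecure TLS (verify=False)"))
        elif isinstance(node, ast.Assign):
            # A string literal assigned to a credential-looking name.
            for target in node.targets:
                if (isinstance(target, ast.Name) and SECRET_NAME.search(target.id)
                        and isinstance(node.value, ast.Constant)
                        and isinstance(node.value.value, str) and node.value.value):
                    findings.append(Finding(node.lineno, "hardcoded secret"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample file: one instance of each listed pattern plus one safe yaml.load.
SAMPLE = '''\
import hashlib, pickle, tempfile, yaml, requests, tarfile
DB_PASSWORD = "hunter2"
def handler(blob, doc, url, archive):
    obj = pickle.loads(blob)
    cfg = yaml.load(doc)
    ok = yaml.load(doc, Loader=yaml.SafeLoader)
    r = requests.get(url, verify=False)
    digest = hashlib.md5(blob).hexdigest()
    path = tempfile.mktemp()
    tarfile.open(archive).extractall(path)
    return eval(doc)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.rule}")
```

Running it prints eight findings (lines 2, 4, 5, 7, 8, 9, 10 and 11 of SAMPLE) and nothing for line 6, which is the point of a pattern rule: the tool judges the shape of the code, so it cannot tell whether `doc` is attacker-controlled and will also miss anything that reaches `eval` through an alias or a wrapper function. That blind spot is why the guide pairs SAST with SCA and DAST rather than relying on one of them.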



