“Static Application Security Testing (SAST) remains the best prerelease testing tool for catching tricky data flow issues and issues such as cross-site request forgery (CSRF) that tools such as dynamic application security testing have trouble finding. Security pros should use SAST tools because:
Providers ranked as 'Strong Performers' have competitive offerings in specific areas. CAST marries security with quality metrics. The CAST Application Intelligence Platform (AIP) provides a top-down dashboard that security professionals, delivery managers, and CIOs use to monitory software characteristics called health factors. These include security, robustness, efficiency, changeability, transferability, and overall quality. CAST AIP offers very strong breadth of source code language support.