Everything-as-Code: Pushing the Boundaries of SAST

Explore the evolving landscape of Static Application Security Testing (SAST) in this 45-minute conference talk from OWASP Foundation. Delve into the challenges and opportunities presented by the "everything as code" era, examining how traditional SAST approaches must adapt to analyze infrastructure-as-code, smart contracts, and other emerging code paradigms. Learn about the limitations of current SAST techniques when applied to declarative languages like Bicep and blockchain-oriented languages like Solidity. Gain insights into new analysis algorithms, such as constant propagation, and understand how threat models differ across various coding domains. Discover the future directions of SAST solutions and acquire valuable knowledge to evaluate and implement more comprehensive application security testing strategies in an increasingly diverse coding ecosystem.