Which issue can be detected with static application security testing (SAST)?

Static Application Security Testing (SAST) is a method used to identify vulnerabilities in an application’s source code or binaries without executing the program. It analyzes the code for security flaws, such as those related to improper coding practices or potential loopholes that could be exploited.

Threading issues can be particularly complex because they involve how multiple threads or processes interact within an application. While SAST tools do not exclusively focus on threading, they can identify problems related to improper management of threads, such as race conditions or deadlock situations, which could lead to security vulnerabilities. By analyzing the code structure and execution paths, SAST can help developers identify areas where threading issues may arise, allowing them to mitigate risks before the application is run.

Other options like authentication, performance, and malware are less directly aligned with what SAST specifically targets. SAST does not evaluate runtime aspects or performance metrics but rather focuses on identifying security vulnerabilities at the code level to enhance overall application security.