FAAST is an AI agent for security testing that combines SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) for web applications.
Uses an LLM to identify vulnerabilities in the source code, but the architecture is modular, so it can use any traditional SAST tool. Saves the context of each vulnerability so that the DAST stage knows how to reach it later on.
Understands from the codebase how to launch the web application before proceeding to DAST.
Automatically exploits and verifies vulnerabilities in the running application.
Uses an LLM to verify whether a vulnerability exploited by the DAST agent is confirmed.