
Find Bugs in 60 Seconds

FastTest’s security_audit tool combines static code analysis (SAST), dependency scanning (SCA), and browser adversarial testing (DAST) in a single command. No account needed — works locally out of the box.

Run Your First Security Audit

  1. Tell your AI assistant to secure your app

    Secure my app at http://localhost:3000

    FastTest runs a full audit: static analysis on your source code, dependency scanning for known CVEs, and browser adversarial testing on your running app.

  2. Watch the phases

    Static (SAST + SCA):

    • Source code scanned with opengrep for injection, XSS, hardcoded secrets, misconfigurations
    • Dependencies scanned with Trivy for known CVEs

    Dynamic (DAST):

    • Input fuzzing — XSS payloads, SQL injection strings, boundary values, oversized inputs
    • Auth & access — path traversal, unauthorized route access, privilege escalation
    • Error handling — malformed data, missing fields, unexpected types
    • Edge cases — empty states, rapid submission, special characters

  3. Review findings

    Results are reported with severity levels and cross-referenced between the static and dynamic phases:

    HIGH XSS in search — SAST found, DAST confirmed
    HIGH CVE-2024-1234 in lodash@4.17.20 — fixed in 4.17.21
    MED No length limit on bio — 500ms hang
    LOW SQL injection blocked by ORM ✓

Choose Your Mode

Run only what you need:

Secure my app, static only (just scan my code)

Secure my app at http://localhost:3000, dynamic only, focus on forms

Secure my app at http://localhost:3000, full mode (default — both static + dynamic)

The focus parameter accepts: forms, navigation, auth, or all.

Save Findings as a Security Suite

If you’re connected to the cloud, findings are automatically saved as a security report. On subsequent runs, FastTest re-runs the saved security suite to verify fixes:

Secure my app at http://localhost:3000

If the same issues are found again, they’re reported as regressions. Fixed issues are reported as resolved.

Next Steps