Software Integrity

Archive for the 'Dynamic Analysis (DAST)' Category

Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool has advantages and disadvantages. No single solution can ensure you find and fix all vulnerabilities. But application security tools can complement one another and help you secure your applications in each stage of the software development life cycle (SDLC) and beyond. Here’s a quick overview of SAST, IAST, DAST, and […]

Posted in Dynamic Analysis (DAST), Infographic, Interactive Application Security Testing (IAST), Runtime Application Self-Protection (RASP), Static Analysis (SAST)

How RASP complements application security testing to minimize risk

In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. […]

Posted in Application Security, Dynamic Analysis (DAST), Runtime Application Self-Protection (RASP), Software Development Life Cycle (SDLC), Static Analysis (SAST)

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]

Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST)

How to create clean images for corporate hardware

Planning an IT initiative can present many challenges, one of which is the choice of software in the organization’s base computer images. When starting out small, it may make sense to buy machines off the shelf if expansion is not anticipated in the near future. However, choosing to do so often includes unwanted programs that add […]

Posted in Application Security, Dynamic Analysis (DAST), Security Risk Assessment

Do you have the right tools in your application security toolkit?

RSA Conference 2017 is just a few weeks away and all you need to do to get a sense of the mind-boggling array of security solutions on the market is to take a walk through one of the two massive expo halls. Even if your search is focused on application security solutions, the wide variety […]

Posted in Application Security, Dynamic Analysis (DAST), Static Analysis (SAST)

Application security testing tools: A question of when not which

As a “non-tech” attendee at Black Duck’s Flight16 user conference, I had my work cut out for me keeping track of all the buzz words and acronyms. However, after attending Mike Pittenger’s session, “Filling Your AppSec Toolbox,” I learned a lot about some of the most important application security testing tools in the world of […]

Posted in Application Security, Dynamic Analysis (DAST), Security Conference or Event, Software Security Testing, Static Analysis (SAST)

Avoiding false positives in application security through customization

With the current increase in tool-based scans throughout the security industry, it becomes all the more challenging to identify the right issues and reduce false positives. For example, for static and dynamic code scanning there are tools and plugins like Fortify, AppScan, and FindBugs. These come with a standard set of default rules to identify issues. However, […]

Posted in Code Review, Dynamic Analysis (DAST), Software Security Testing, Static Analysis (SAST)

SAST and DAST: Part of a balanced software security initiative

Originally posted on SecurityWeek. “…is part of this balanced breakfast…” This is the claim of many sugary cereals aimed directly at children. It is also the claim of many vendors in the software security market. Selling cereal targeting children is an interesting proposition. To make the adults that ultimately have to buy the cereal feel […]

Posted in Application Security, Dynamic Analysis (DAST), Software Development Life Cycle (SDLC), Software Security Program Development, Software Security Testing, Static Analysis (SAST)

SAST vs. DAST: What’s the best method for application security testing?

High-profile security breaches are leading to heightened organizational security concerns. Firms around the world are now observing the consequences of security breaches that are becoming more widespread and more advanced. Because of this, firms are ready to identify vulnerabilities in their applications and mitigate the risks. Two ways to go about this are static application security testing (SAST) […]

Posted in Application Security, Dynamic Analysis (DAST), Static Analysis (SAST)

Agile methodology and application security: A promising pair

Agile and application security are often spoken of together as oil and water, but are they really? Agile software development happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development life cycle (SDLC). This iterative approach enables teams to […]

Posted in Agile Methodology, Application Security, Dynamic Analysis (DAST), Penetration Testing, Software Development Life Cycle (SDLC), Static Analysis (SAST), Threat Modeling