This is a question often asked by proponents of the cloud movement. In this article, I will highlight what, how, why, and when to choose a cloud-based approach for application security testing through the five essential factors.
Cloud-based (aka on-demand) application security testing is a relatively new type of testing in which applications are tested by a solution/tool/scanner hosted in the cloud. It differs from traditional application security testing in a few ways.
- Traditional application testing requires on-premises tools.
- While the goals are similar (finding bad stuff), cloud-based testing provides a more scalable, faster, and more cost-effective choice. However, it may not be the best fit if you want to go for depth and robustness, in which case static analysis, manual ethical hacks, and architecture risk analysis could be a better choice.
As more and more applications are being deployed in the cloud, serving all kinds of endpoints, I have observed a shift of focus from “securing applications” to “securing applications fast, at scale.” Cloud-based application security testing is real and answers many of the questions asked by senior personnel across large enterprises and SMBs alike.