There are two cars in my driveway right now. One was built in 1978, and what’s great about it is how easy it is to work on. It’s a simple vehicle, and most repairs can be performed with only a half-dozen tools: two screwdrivers, three wrenches, and a hammer (you always need a hammer).
The other car was built in 2020, and I don’t work on that one. It’s vastly more sophisticated—and complicated—than the ’78, and my mechanic wields a dizzying assortment of specialized tools and diagnostic systems to ensure that everything is working correctly.
And so it is with software. As the software we build has become more sophisticated—and complicated—the array of security tools required to test that software is expanding. In fact, most organizations today use dozens of tools and techniques to test their software for vulnerabilities.
But which ones should you be using? The answer to that question depends on the type of software you are developing and how you are delivering it. Gartner recently published its 2023 Critical Capabilities™ for Application Security Testing report. It provides insight into which tools and techniques are most important for five specific use cases, as well as ratings and reviews of the vendors that provide those tools. Let’s look at the five use cases in the report and the differences in their respective application security needs.