Easy integration with existing pipelines and development toolchains. ASTO seamlessly connects to pipelines through simple API calls. There’s no need to completely reimplement build or release pipelines to add security testing. DevOps integrations allow security analysis to easily deliver results in tandem with other development, security, and tracking tools already in place.
Actions determined and executed in real time. ASTO helps ensure that the right tests are run at the right time. After security teams define AppSec policies as code (e.g., readable XML files), the patented technology in ASTO uses those security rules to evaluate code changes and other SDLC events and intelligently trigger the appropriate AppSec tests (e.g., static application security testing, software composition analysis, dynamic application security testing, interactive application security testing). Tests are performed at the right times (or not at all), depending on the actual code changes, the calculated risk score, and a company’s own security policies. This saves time and resources.
Automated workflow for manual or out-of-band AppSec activities. ASTO also uses your policies to trigger manual AppSec activities, such as penetration tests, through existing defect-tracking systems and communication channels, enabling security teams to coordinate security compliance with development workflows.
The right information to the right teams. ASTO provides optimized and prioritized results based on risk and the criteria predetermined by security or development teams (e.g., only critical vulnerabilities or only critical SQLi vulnerabilities). Results are filtered directly into the development and defect-tracking tools that development teams already use, avoiding vulnerability overload.