
Methods of Testing The Software On Security

Static and dynamic application security testing tools can analyze software in different ways. Static application security testing (SAST) tools analyze source code without executing it, while dynamic application security testing (DAST) tools execute the software and analyze runtime behavior. Other tools include software composition analysis to check for vulnerabilities in open source components, database scanning, interactive application security testing (IAST) that uses static and dynamic techniques, mobile application security testing (MAST) focused on mobile apps, and orchestration tools to integrate security across the development lifecycle.

Uploaded by

Aziza Suleymen

METHODS OF TESTING THE SOFTWARE ON SECURITY

INTRODUCTION

Bugs and weaknesses in software are common: 84 percent of software breaches exploit vulnerabilities at the application layer. The prevalence of software-related problems is a key motivation for using application security testing (AST) tools. With a growing number of application security testing tools available, it can be confusing for information technology (IT) leaders, developers, and engineers to know which tools address which issues.

APPLICATION SECURITY TOOLS
• Static Application Security Testing (SAST)
SAST tools can be thought of as white-hat or white-box testing,
where the tester knows information about the system or
software being tested, including an architecture diagram,
access to source code, etc.
• Dynamic Application Security Testing (DAST)
DAST tools run on operating code to detect issues with
interfaces, requests, responses, scripting (i.e., JavaScript), 
data injection, sessions, authentication, and more.
• Origin Analysis/Software Composition Analysis (SCA)
These tools are highly effective at identifying and finding
vulnerabilities in common and popular components,
particularly open-source components.
• Database Security Scanning
Database-security-scanning tools check for updated
patches and versions, weak passwords, configuration
errors, access control list (ACL) issues, and more.
• Interactive Application Security Testing (IAST) and Hybrid Tools
IAST tools use a combination of static and dynamic
analysis techniques. They can test whether known
vulnerabilities in code are actually exploitable in the
running application.
• Application Security Testing as a Service (ASTaaS)
The service will usually be a combination of static and dynamic
analysis, penetration testing, testing of application
programming interfaces (APIs), risk assessments, and more.
ASTaaS can be used on traditional applications, especially
mobile and web apps.
• Mobile Application Security Testing (MAST)
MAST tools have specialized features that focus on issues
specific to mobile applications, such as jail-breaking or rooting
of the device, spoofed Wi-Fi connections, handling and
validation of certificates, prevention of data leakage, and more.
• Correlation Tools
Correlation tools can help reduce some of the noise by
providing a central repository for findings from other AST tools.
• Test-Coverage Analyzers
Test-coverage analyzers measure how much of the
total program code has been analyzed.
• Application Security Testing Orchestration (ASTO)
ASTO integrates security tooling across a software
development lifecycle.
