• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

sast

October 8, 2019 by James Jardine Leave a Comment

What is the difference between source code review and static analysis?

Static analysis is the process of using automation to analyze the application's code base for known security patterns. It uses different methods, such as following data from it source (input) to its sink (output) to identify potential weaknesses. It also uses simple search methods in an attempt to identify hard-coded values, like passwords in the code. Automated tools struggle at finding business logic or authentication/authorization flaws. Code Review is a much larger project where both … [Read more...] about What is the difference between source code review and static analysis?

Filed Under: Questions Tagged With: application security, code review, development, sast, secure code review, secure coding, secure development, secure sdlc, security, testing

June 7, 2018 by James Jardine Leave a Comment

Choosing Application Security Tools

There are lots of security tools available, so how do you know which one to pick? If your security team is not including the application teams in the decision, you run a big risk of failure. The security team does get the ability to form relationships with vendors. We see them at conferences. We know people that work there. Because our focus is on security, we know the tools that exist in our space and we have an idea of which ones may be better than others. Of course, this is often due to … [Read more...] about Choosing Application Security Tools

Filed Under: General Tagged With: application security, AppSec, awareness, dast, iast, owasp, pen testing, penetration testing, pentest, qa, sast, secure design, secure development, security, security testing, security training, testing, top 10, vendors

August 30, 2016 by James Jardine Leave a Comment

Does SAST and DAST Really Require Security Experts To Run Them?

There is no argument that automated tools help quickly identify many of the vulnerabilities found in applications today. Tools are typically categorized into one of the following three categories: Dynamic Application Security Testing (DAST) - analyzes the running application. Static Application Security Testing (SAST) - analyzes the source or byte code of the application. Interactive Application Security Testing (IAST) - uses agents installed on the web server to instrument the application … [Read more...] about Does SAST and DAST Really Require Security Experts To Run Them?

Filed Under: General Tagged With: dast, developer, dynamic analysis, qa, sast, secure code, secure development, security, security expert, static analysis, training

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved