Application Security Testing (AST) is the process of checking an application in order to identify potencial vulnerabilities and set points for security improvements.
They are different to code testing solutions, as AST focus on security, not other aspects like performance or reusability.
Types of AST
Types of AST:
- Static AST (SAST)
- Dynamic AST (DAST)
- Interactive AST (IAST)
- Software Composition Analysis (SCA)
Static aplication security testing (SAST) is used to review source code and binaries to detect problems before the code is loaded into memory and run.
xAST Solutions
xAST Solutions:
- SonarQube
- CheckPoint
- Snyk Code
- Clair
SonarQube
SonarQube Community Edition is a free and open source software (FOSS) platform.
SonarQube Cloud is proprietary.
Checkmarx SAST
Checkmarx SAST is developed by Israeli company Checkmarx.
Checkmarx SAST official website
Snyk Code
Snyk Code
Clair
Clair is a SAST tool.
It is FOSS.
Software Composition Analysis
Software composition analysis (SCA) is a tool to analyze the security of libraries and dependencies within a software project.
JFrog Xray
JFrog Xray is an SCA tool developed by company JFrog.
OWASP Dependency Check
OWASP Dependency Check is an SCA tool.
OWASP Dependency Check code repository
OWASP Dependency Check official website