Application Security Testing

Application Security Testing (AST) is the process of checking an application in order to identify potencial vulnerabilities and set points for security improvements.

They are different to code testing solutions, as AST focus on security, not other aspects like performance or reusability.

Types of AST

Types of AST:

  • Static AST (SAST)
  • Dynamic AST (DAST)
  • Interactive AST (IAST)
  • Software Composition Analysis (SCA)

Static aplication security testing (SAST) is used to review source code and binaries to detect problems before the code is loaded into memory and run.

xAST Solutions

xAST Solutions:

  • SonarQube
  • CheckPoint
  • Snyk Code
  • Clair
  • Kiuwan Code Security

SonarQube

SonarQube Community Edition is a free and open source software (FOSS) platform.

SonarQube Cloud is proprietary.

SonarQube official website

Checkmarx SAST

Checkmarx SAST is developed by Israeli company Checkmarx.

Checkmarx SAST official website

Snyk Code

Snyk Code

Snyk Code official website

Clair

Clair is a SAST tool.

It is FOSS.

Clair code repository

Kiuwan Code Security

Kiuwan Code Security is a SAST solution developed by company Kiuwan.

It is proprietary.

Kiuwan Code Security official website

Software Composition Analysis

You can read this post about software composition analysis (SCA).

You might also be interested in…

Leave a Reply

Your email address will not be published. Required fields are marked *