Application Security Testing (AST) is the process of examining an application in order to identify potential vulnerabilities and pinpoint where its security can be improved.
AST differs from other code testing solutions in that it focuses on security rather than on other aspects such as performance or reusability.
Types of AST
- Static AST (SAST)
- Dynamic AST (DAST)
- Interactive AST (IAST)
- Software Composition Analysis (SCA)
Static application security testing (SAST) reviews source code and binaries to detect problems before the code is loaded into memory and run; the program under test is never executed.
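To make the "never executed" property concrete, here is an added example of a minimal SAST-style check; it is not code from the page or from any of the products listed below. It parses Python source into an abstract syntax tree and flags three common weaknesses (dynamic evaluation, a shell-invoked command, a hardcoded secret) purely by inspecting the tree. The rule names, the secret-name list and the sample program are assumptions constructed for the demonstration.

```python
"""Minimal static analysis (SAST-style) check over Python source.

Added example; not code from the page or from any product it lists.
The source text is parsed into an AST and inspected for a few risky
patterns. Nothing in the scanned source is ever executed, which is the
defining property of static testing.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Calls that evaluate data as code; untrusted arguments are an injection sink.
DYNAMIC_EVAL = {"eval", "exec"}

# Assumed list of variable names whose string literals are likely credentials.
SECRET_NAMES = {"password", "passwd", "secret", "api_key", "token"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


def _call_name(node: ast.Call) -> str:
    """Return a dotted callee name ('eval', 'subprocess.run', ...) or ''."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    parts: list[str] = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


def scan_source(source: str) -> list[Finding]:
    """Parse `source` and return findings sorted by line; runs nothing."""
    tree = ast.parse(source)
    findings: list[Finding] = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DYNAMIC_EVAL:
                findings.append(Finding("dynamic-eval", node.lineno, name))
            elif name == "os.system":
                # os.system always goes through the shell.
                findings.append(Finding("shell-true", node.lineno, name))
            elif name.startswith("subprocess."):
                # shell=True hands the command string to /bin/sh, so any
                # untrusted part of it becomes a command-injection risk.
                for kw in node.keywords:
                    if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                            and kw.value.value is True):
                        findings.append(Finding("shell-true", node.lineno, name))
        elif isinstance(node, ast.Assign):
            # `password = "..."`: a string literal bound to a secret-like name.
            value = node.value
            if isinstance(value, ast.Constant) and isinstance(value.value, str):
                for target in node.targets:
                    if isinstance(target, ast.Name) and target.id.lower() in SECRET_NAMES:
                        findings.append(Finding("hardcoded-secret", node.lineno, target.id))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input: a small program with three deliberate weaknesses.
SAMPLE_SOURCE = '''\
import subprocess

password = "hunter2"

def run(user_input):
    result = eval(user_input)
    subprocess.run("ls " + user_input, shell=True)
    return result
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.rule} ({f.detail})")
```

Real SAST products add data-flow tracking (does `user_input` actually reach `eval`?) to cut false positives, but the structure is the same: a parser, a set of rules over the resulting tree, and findings reported by location.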
xAST Solutions
- SonarQube
- Checkmarx SAST
- Snyk Code
- Clair
- Kiuwan Code Security
SonarQube
SonarQube Community Edition is a free and open source software (FOSS) platform, whereas SonarQube Cloud is proprietary.
Checkmarx SAST
Checkmarx SAST is developed by the Israeli company Checkmarx.
Checkmarx SAST official website
Snyk Code
Clair
Clair is a SAST tool.
It is FOSS.
Kiuwan Code Security
Kiuwan Code Security is a proprietary SAST solution developed by the company Kiuwan.
Kiuwan Code Security official website
Software Composition Analysis
Software composition analysis (SCA) is covered in a separate post.