Category Archives: SAST

AST Tool Evaluation – Key Findings and Limitations of OWASP Benchmark Project

Tools that test code for common vulnerabilities such as OWASP Top Ten fall today in three categories of AST (Application Security Testing) tools: SAST (static code scanning), DAST (dynamic app scan) and IAST (dynamic code scanning). Consequently, there are not … Continue reading

Posted in DAST, IAST, SAST | Tagged , , , | Leave a comment

Agile Security & SecDevOps Touch Points

Agile software development has gotten more and more attention in the last couple of years. Not only internet startups or media agencies but also large companies from conservative business lines like automotive, banking, insurance and public sector more and more … Continue reading

Posted in DAST, IAST, Java, SAST, Secure SDLC, Secure Software Development, Security Requirements, Security Test Automation, Threat Modeling | Tagged , , | 5 Comments

IAST: A New Approach for Agile Security Testing

Static Application Security Testing (SAST) tools such as Fortify, Veracode, Checkmarx or IBM App Scan Source Edition have been available on the market now for a while. All of them have their specific pros and cons. But there are certain … Continue reading

Posted in IAST, SAST, Security Test Automation | Tagged | 5 Comments

Gartner’s Magic Quadrant for Application Security Testing 2014

One publication that usually became a lot of attention in the application security market is of course Gartner’s magic quadrant. A new one for Application Security Testing (that is confusingly abbreviated with “AST”, a term that in software anylysis usually … Continue reading

Posted in DAST, SAST, Security Test Automation | Tagged , , , | 1 Comment

Code Scanning Models: Factory vs. Self Service

A few months ago, Gary McGraw wrote an interesting article on SAST deployments in the field. In it, he basically differentiates two service models: Code Scanning Factory (actually he called it “centralized code review scanning factory for code review”) Self Service … Continue reading

Posted in SAST | Tagged , | Leave a comment

10 Reasons why we need Application Security Testing Tools

Despite the fact that there are quite a few reservations concerning the use of application security scanning technologies (e.g. false positives, false negatives, usability and of course the price), there are also a couple of good reasons for using such … Continue reading

Posted in SAST | Tagged , , | 2 Comments