Tag Archives: DAST

Automating DAST Scans with Jenkins, Arachni & ThreadFix

I’m often asked how security tests can be automated with non-commercial tools, e.g. triggered by a Jenkins build. Therefore I decided to write this post, to give you a bit of understanding which tools you can use and what you … Continue reading

Posted in DAST, Java, Security Test Automation, Uncategorized | 4 Comments

Gartner’s Magic Quadrant for Application Security Testing 2014

One publication that usually gets a lot of attention in the application security market is of course Gartner’s magic quadrant. A new one for Application Security Testing (that is confusingly abbreviated with “AST”, a term that in software analysis usually … Continue reading

Posted in DAST, SAST, Security Test Automation

Code Scanning Models: Factory vs. Self Service

A few months ago, Gary McGraw wrote an interesting article on SAST deployments in the field. In it, he basically differentiates two service models: Code Scanning Factory (actually he called it “centralized code review scanning factory for code review”) Self Service … Continue reading

Posted in SAST

10 Reasons why we need Application Security Testing Tools

Despite the fact that there are quite a few reservations concerning the use of application security scanning technologies (e.g. false positives, false negatives, usability and of course the price), there are also a couple of good reasons for using such … Continue reading

Posted in SAST