From the course: Building an Application Security Program
Static application security testing (SAST)
- [Instructor] Now let's talk about security testing and the different types of security tests that we can run. I want to start by first talking about static application security testing. A good definition of SAST by Forrester is tools that test and evaluate an application's proprietary code by examining the code or binary without executing the application. SAST is one of the most mature areas of security testing. The tools have been around for quite some time. They have matured and become more accurate over time, but static analysis testing of code has been around for years. It's mainly a rules-based type of test where it checks the code, follows the code logic, and looks for security vulnerabilities. Obviously, the tools have to keep up to date with the latest vulnerabilities in the latest languages, but the category has been around for years. SAST works really well when developers are directly involved. Since developers…
Contents
- Understanding AppSec testing (5m 46s)
- Threat modeling (5m 20s)
- Static application security testing (SAST) (3m 14s)
- Dynamic application security testing (DAST) (2m 55s)
- Interactive application security testing (IAST) (2m 29s)
- Static code analysis (SCA) (3m 6s)
- Verification testing (2m 10s)
- Pentesting (2m 50s)
- Red/Blue/Purple testing (3m 32s)
- Monitoring AppSec in production (3m 42s)
- RASP vs. WAF (6m 32s)