From the course: Cloud Data, Platform, and Applications Security by Pearson
Security testing methodologies
Let's begin with a classic, Static Application Security Testing, or SAST. This is a common method referred to as a white box or know-all test. It's the analysis of the application source code, byte code, and/or binaries, and it's carried out without executing the code. So the test is done when the application, or the app, or the mobile app is not in its runtime state. It's used to find coding mistakes, and errors, and oversights that are characteristic of application security vulnerabilities. SAST tools are also referred to as code analyzers. So they perform a direct analysis of the application source code. SAST security tools are mainstream, and they're widely adopted throughout the software industry. In fact, they're often not run as a standalone, but they're integrated into the development environment or into the software development kit. This method is often used as a technique earlier in the development lifecycle. SAST can be used to find SQL injection attacks, cross-site…