STAREAST 2021 Tutorial: Application Security Tools for Continuous Testing

Monday, April 26, 2021 - 2:00pm to 5:30pm

Application Security Tools for Continuous Testing

There are lots of tools out there to support security testing activities. You’ve probably seen some of the acronyms used to describe them when looking at marketing material or reading about application security: SAST, DAST, IAST, RASP, etc. But the question is always which tools to use where within your testing process. This is particularly important in a DevOps model where continuous testing is used to continuously validate code as it changes. Selecting the wrong tools or using them in the wrong place can impact your delivery process significantly. In this tutorial, Jeffery Payne discusses the various types of security tools available and how they are typically used within a rigorous continuous testing process. Key types of security testing are explained with a focus on where to apply which tooling. Demonstrations are given of various open-source and commercial tools to show how they work and what the pros and cons of each type of security testing are. Learn all about security testing tools during this tutorial. Take home valuable information on which tools fit where in a continuous testing process.

Jeff Payne
Coveros

Jeffery Payne is CEO and founder of Coveros, Inc., a consulting company that helps organizations accelerate delivery using agile methods. Since its inception in 2008, Coveros has become a market leader in agile and DevOps engineering while being recognized by Inc. Magazine as one of the fastest-growing private companies in the country. Prior to founding Coveros, Jeffery was Chairman of the Board, CEO, and co-founder of Cigital, Inc., a market leader in software security consulting. Mr. Payne has published over 30 papers on software development and testing and has testified before Congress on issues of national importance, including intellectual property rights, cyber-terrorism, and software quality.