Application Security Testing (AST)
Revision as of 03:34, 6 May 2020 by Welcome (talk | contribs) (Welcome moved page Application Security Testing to Application Security Testing (AST))
This article is a Draft. Help us to complete it.
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Interactive Application Security Testing (IAST), which works by instrumenting the runtime, for example the Java Virtual Machine (JVM) or .NET CLR. Example product: Seeker (Synopsys)
- Synopsys: Coverity. No on-premises DAST product.
- Veracode: AST tools, offered only as a service.
- Micro Focus: Fortify WebInspect. Available as a product as well as in the cloud.
- Checkmarx
- WhiteHat Security
- Qualys: glibc
- Rapid7
- CAST
- Contrast Security
- Acunetix
- Positive Technologies
- SiteLock
- Trustwave
- SonarQube 2006-2007
Other vendors: edgescan, Fasoo, GitLab, GrammaTech, ImmuniWeb, Kiuwan, Netsparker, NSFOCUS, N-Stalker, Onapsis (Virtual Forge), PortSwigger, Positive Technologies, SiteLock, SonarQube, Trustwave and Wallarm
Other applications: kubesec, flawfinder
Related terms
- Software Composition Analysis (SCA)
- ASLR, PIE, and NX
See also
- RASP
- Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx
- Research and analysis, Market Intelligence: Gartner, Gartner Magic Quadrant, Gartner hype cycle, Gartner Market Guide, Forrester: Forrester Wave, IDC, 451 Research, CB Insights, G2 Crowd, SIEM Magic Quadrant, Privileged Access Management, Nielsen, 451 Group (451 research), Gartner Cool Vendors in Cloud Computing, Capterra
- Security: Security portfolio, Security standards, Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, NIST, SANS, MITRE, Security policy, Access Control attacks, password policy, password cracking, Password manager, MFA, OTP, UTF, Firewall, DoS, Software bugs, MITM, Certified Ethical Hacker (CEH) Contents, Security+ Malware, FIPS, DLP, Network Access Control (NAC), VAPT, SIEM, EDR, SOC, pentest, PTaaS, Clickjacking, MobSF, Janus vulnerability, Back Orifice, Backdoor, CSO, CSPM, PoLP, forensic, encryption, Keylogger, Pwn2Own, CISO, Prototype pollution