
Top 8 Application Security Testing (AST)

  1. Veracode (Leader): "Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
  2. Checkmarx (Leader): "The SAST component was absolutely 100% stable." "The most valuable features of Checkmarx are the automation and information that it provides in the reports."
  3. PortSwigger Burp Suite Professional (Leader): "The solution is stable." "The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
  4. GitLab (Leader): "GitLab is being used as a repository for our codebase and it is a one stop DevOps tool we use in our team." "GitLab's best features are maintenance, branch integration, and development infrastructure."
  5. Micro Focus Fortify on Demand (Leader): "Fortify on Demand can be scaled very easily." "While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
  6. OWASP Zap: "The solution has tightened our security." "It updates repositories and libraries quickly."
  7. GitGuardian Internal Monitoring: "The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great."
  8. Acunetix: "The most valuable feature of Acunetix is the UI and the scan results are simple." "Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."

Buyer's Guide: Application Security Testing (AST), July 2022
Find out what your peers are saying about Veracode, Checkmarx, PortSwigger and others in Application Security Testing (AST). Updated: July 2022.
619,967 professionals have used our research since 2012.

Advice From The Community

Read answers to top Application Security Testing (AST) questions. 619,967 professionals have gotten help from our community of experts.
Evgeny Belenky, PeerSpot (formerly IT Central Station):
Hi peers, I believe many of you have already heard of the recent Log4j/Log4Shell vulnerability that allows attackers to perform remote code execution (RCE). What does it mean for an organization? How can you check you're vulnerable and mitigate/patch it now, if at all? Lastly, what impact do...

ITSecuri7cfd: Yet another chance to test our incident response procedures. So far I would…
5 Answers
Charles Race, Manager of Data Processing at New York State Insurance Fund:

I'm choosing an Application Security Testing platform.

My use cases are as follows:

  • SAST
  • DAST
  • Component Scanning
  • Vulnerability auditing 
  • Mitigation

What product/solution would you recommend and why? 

Thomas Ryan: The first thing you'd want to do is: 1. Look at your application inventory to…
8 Answers
Rony_Sklar, PeerSpot (formerly IT Central Station):

Hi,

Many companies wonder whether SAST or DAST is better for application security testing. 

What are the relative benefits of each methodology? Is it possible to make use of both?

Dan Doggendorf: SAST and DAST are not mutually exclusive and should be used in conjunction with…
6 Answers
Rony_Sklar, PeerSpot (formerly IT Central Station):

What are the different types of tools that should be used together in DevSecOps?

What are the specific tools that you like to use when working on your DevSecOps pipeline? 

What is essential, and what is a nice-to-have? 

Jeremy Vaughan: Depends on budget and the larger approach to security, compliance, and risk…
6 Answers

Application Security Testing (AST) Articles

Deena Nouril, Tech Blogger, Aug 05 2022:
What is OWASP? The OWASP or Open Web Application Security Project is a nonprofit foundation dedicated to improving software security. It operates under an open community model, meaning that anyone can participate in and contribute to OWASP-related online chats and projects. The OWASP ensures tha...

Ben Arbeit: Thanks for this informative article.
Jairo Willian Pereira: OWASP is nice, but very specific and currently limited. How about trying…
2 Comments
Evgeny Belenky, PeerSpot (formerly IT Central Station), Aug 02 2022:
Dear professionals, Welcome back to PeerSpot's Community Spotlight! Below you can find the latest hot topics posted by your fellow PeerSpot Community members. Read articles, answer questions, and contribute to discussions that are relevant to you and your expertise. Or ask your peers for insight...

Evgeny Belenky: @Chris Childerhose, @PraveenKambhampati, @Deena Nouril, @Shibu Babuchandran and…
1 Comment

Application Security Testing (AST) Topics

Why is application security important?

Application security is important because applications that are connected to the cloud or exposed over various networks leave your organization more vulnerable to security breaches and threats. To prevent these attacks, application security testing can be used to reveal weaknesses before they are exploited.

What are the different types of application security?

The different types of application security include:

  • Authentication: Procedures that software developers build into an application to ensure that only authorized users gain access to it. Authentication verifies a user's identity.
  • Authorization: Can only happen after authentication. The system verifies that the user has permission to access the application by comparing the user's identity to a list of authorized users.
  • Encryption: Protects sensitive data from being used by a cybercriminal. For cloud-based applications, traffic containing sensitive data that travels between the end user and the cloud can also be encrypted so that the data stays safe in transit.
  • Logging: In the event of a security breach in an application, logs help determine who gained access to data and how they did so.
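The four controls above are easiest to see in the order a request passes through them. The following is an added example, not code from PeerSpot or from any of the products listed on this page: a single request handler that authenticates a user against a salted password hash, then authorizes the requested action against a permission list, and records every decision in an audit trail. The user directory, passwords and permission names are constructed sample data.

```python
"""Added example (not from the PeerSpot page): one request path that applies
authentication, then authorization, with every decision logged.
All users, passwords and permission names below are constructed sample data."""
from __future__ import annotations

import hashlib
import hmac
import logging
import os
from dataclasses import dataclass, field

log = logging.getLogger("appsec.audit")


def hash_password(password: str, salt: bytes | None = None, rounds: int = 200_000) -> tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256: store the salt and the digest, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    permissions: set[str] = field(default_factory=set)


def make_user(name: str, password: str, permissions: set[str]) -> User:
    salt, digest = hash_password(password)
    return User(name, salt, digest, set(permissions))


# Constructed sample directory: an analyst who can write reports and one who can only read them.
USERS = {
    "alice": make_user("alice", "correct horse battery staple", {"report:read", "report:write"}),
    "bob": make_user("bob", "hunter2-but-longer", {"report:read"}),
}

# In-memory audit trail; a real deployment would forward these records to a log sink/SIEM.
AUDIT: list[dict] = []


def audit(event: str, user: str, **fields) -> None:
    entry = {"event": event, "user": user, **fields}
    AUDIT.append(entry)
    log.info("%s", entry)


def authenticate(username: str, password: str) -> User | None:
    """Step 1: verify identity.  The comparison is constant-time, and the unknown-user
    path still runs PBKDF2 so response time does not reveal which usernames exist."""
    user = USERS.get(username)
    salt = user.salt if user else b"\x00" * 16
    _, digest = hash_password(password, salt)
    if user is None or not hmac.compare_digest(digest, user.pw_hash):
        audit("auth.fail", username)
        return None
    audit("auth.ok", username)
    return user


def authorize(user: User, permission: str) -> bool:
    """Step 2: only reachable with an authenticated User; compare against the permission list."""
    allowed = permission in user.permissions
    audit("authz.allow" if allowed else "authz.deny", user.name, permission=permission)
    return allowed


def handle_request(username: str, password: str, action: str) -> str:
    """Authenticate, then authorize, then act.  Returns an HTTP-style status string."""
    user = authenticate(username, password)
    if user is None:
        return "401 Unauthorized"
    if not authorize(user, action):
        return "403 Forbidden"
    audit("action", user.name, action=action)
    return "200 OK"


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(name)s %(message)s")
    print(handle_request("alice", "correct horse battery staple", "report:write"))  # 200 OK
    print(handle_request("bob", "hunter2-but-longer", "report:write"))              # 403 Forbidden
    print(handle_request("mallory", "guess", "report:read"))                        # 401 Unauthorized
```

The audit records are what make the logging control useful after the fact: each entry names the user, the decision and the permission involved, so a later investigation can reconstruct who was allowed to reach what, and which attempts were refused.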

What are different application security approaches?

Different approaches are used to determine different application security flaws. Some approaches are more effective at different stages of the development lifecycle.

  • Black-box security audit: This approach requires no source code; the running application is tested from the outside for security flaws.
  • White-box security review or code review: This approach involves a security engineer manually inspecting the source code of an application to look for security issues. Vulnerabilities unique to the application can be discovered through understanding the application.
  • Automated tooling: Scanners and analyzers can be run automatically during the development or testing process.
  • Design review: Before code is created, the architecture and design of the application can be reviewed for security flaws.
  • Coordinated vulnerability platform: Many websites and software providers offer hacker-powered application security solutions through which individuals can be recognized and compensated for reporting defects.

What is application security testing?

Application security testing is part of the software development process that application developers use to ensure there are no security vulnerabilities in a new or updated version of a software application. Application security testing is performed continuously throughout the development and production phases of the software development lifecycle, helping bridge the gap between development, operations, and security.

What are application security testing tools?
  • Dynamic Application Security Testing (DAST) detects a wide variety of technical vulnerabilities and is an essential part of any application security program. It can continuously and automatically test applications in both production and pre-production environments, so your organization can get a better understanding of the true risk surface of your applications.
  • Static Application Security Testing (SAST) aims to remediate critical code vulnerabilities before they become security risks. It allows your organization to address high-risk issues earlier and reduce the cost of AppSec remediation efforts by detecting and remediating vulnerabilities before the software is deployed.
  • Mobile Application Security Testing (MAST) is a type of application security testing tool that focuses on finding and remediating software security vulnerabilities in mobile applications before they move into production.
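The SAST bullet above describes finding code vulnerabilities before deployment; the following added example (not code from PeerSpot or any vendor on this page) shows the core of how a static analyzer does that. It parses Python source with the standard `ast` module, never executing it, and flags three insecure patterns: dynamic code execution, shell command construction and weak hash algorithms. The rule ids and the sample module it scans are constructed for illustration.

```python
"""Added example (not from the PeerSpot page): a minimal SAST-style checker built on
Python's ast module.  It parses source code, never executes it, and reports insecure
patterns with their line numbers.  Rule ids and the sample module are constructed."""
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _call_name(node: ast.Call) -> str:
    """Dotted name of the called function, e.g. 'subprocess.run' or 'eval'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _has_keyword_true(node: ast.Call, name: str) -> bool:
    """True when the call passes name=True as a literal keyword argument."""
    return any(
        kw.arg == name and isinstance(kw.value, ast.Constant) and kw.value.value is True
        for kw in node.keywords
    )


def scan_source(source: str, filename: str = "<input>") -> list[Finding]:
    """Static check over one module: walk every call node and apply the rules."""
    findings: list[Finding] = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in {"eval", "exec"}:
            findings.append(Finding("SAST-001", node.lineno, f"dynamic code execution via {name}()"))
        elif name.startswith("subprocess.") and _has_keyword_true(node, "shell"):
            findings.append(Finding("SAST-002", node.lineno, f"{name} called with shell=True"))
        elif name in {"hashlib.md5", "hashlib.sha1"}:
            findings.append(Finding("SAST-003", node.lineno, f"weak hash algorithm {name}"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample module the checker runs on; it is parsed, never imported.
SAMPLE = '''
import hashlib, subprocess

def render(expr, cmd, password):
    result = eval(expr)
    subprocess.run(cmd, shell=True)
    subprocess.run(["ls", "-l"], check=True)
    digest = hashlib.md5(password.encode()).hexdigest()
    return result, digest
'''


if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.py"):
        print(f"sample.py:{f.line}: {f.rule}: {f.message}")
```

The list-form `subprocess.run` call on the line after the `shell=True` one is deliberately left alone by the rule, which is the distinction a real SAST rule set has to make to keep its false-positive rate acceptable; production tools add data-flow tracking so that a user-controlled value reaching `eval` ranks higher than a constant one.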

What are application security testing best practices?

Application security testing best practices include:

  • Educate developers on how to build applications that are secure by design.
  • Help testers identify security issues early, before software goes to production.
  • Adapt business processes to include risk analysis and use automated tools for in-depth testing and continuous monitoring.
  • Test internal interfaces, not just APIs and UIs.
  • Mobile operating systems, architecture, and development tools are significantly different from traditional web applications. Invest in more specialized training and AppSec testing tools for secure mobile app development.
  • Organizations should apply AST practices to any third-party code they use in their applications.
  • Build an effective API security strategy that includes comprehensive vulnerability scanning for all web service APIs: public, private, and internal-facing.
  • Practice zero-trust. Assume all third-party applications are untrusted until validated.
  • Combine DAST and SAST methodologies to achieve effective and long-term risk and cost reduction.

Application Security Testing Tools Features

When doing your research, look for application security testing tools that have the following features:

  • Ease of use: The tool should be easy to use, for beginners and advanced professionals.
  • Flexibility: The tool should be flexible enough to accommodate your needs and allow you to test all aspects of your application.
  • Functionality: A good application security testing tool should offer a wide range of functionality so that you can test every aspect of your application’s security.
  • Reporting capabilities: The tool should generate comprehensive reports detailing the results of the security tests you have conducted.
  • Price: As with any purchase, the application security testing tool you choose should be affordable without sacrificing quality or features.

Application Security Testing Tools Benefits

Below are several reasons businesses should invest in application security testing tools:

  • Boosts customer satisfaction: Application security testing tools help your organization keep customer data secure and, in turn, build customer confidence.
  • Protection from external attacks and leaks: Application security testing tools protect sensitive data from being exposed by surfacing flaws during the testing process, before they reach production.
  • Cost savings: Following security testing during SDLC saves costs by highlighting the bugs very early on. When a developer is able to fix bugs sooner in the process, your organization saves both money and time.
  • Reduced risk: When QA teams use application security testing tools, end-user data remains safe. If the security of an application becomes compromised, an organization risks its reputation.

Disadvantages of Application Security Testing Tools

While application security testing tools have a lot of great features and many benefits, they also have some downsides, including:

  • The results of application security tests may vary in accuracy if not performed correctly.
  • Testing is time-consuming and requires expertise to execute properly.
  • Without appropriate resource allocation, setting up the processes may be difficult or impossible to sustain.