2015-10-25T12:49:39Z
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot

When evaluating Application Security Testing, what aspect do you think is the most important to look for?

Let the community know what you think. Share your opinions now!

4 Answers
NJ
Vice President - Strategic Alliances & Strategic Accounts at ACCELQ
Real User
2020-02-11T00:23:25Z
Feb 11, 2020

Accuracy, cost, reliability and stability

PH
Account Manager with 1-10 employees
User
2018-03-15T16:17:47Z
Mar 15, 2018

Accuracy of the assessment report is the most important aspect of an application security test. It should not contain false positives, and it should be well structured and provide enough information for the developers to fix the discovered issues.

PK
Senior System Engineer with 51-200 employees
Reseller
2016-03-09T11:07:31Z
Mar 9, 2016

1) Strong encryption and valid certificates. 2) Separate security policies for different parts of the solution. 3) Secured accounts for maintenance. 4) Performance bottlenecks between frontend and backend. 5) Overall stability of the whole solution under stress.

Vendor
2016-02-23T06:12:16Z
Feb 23, 2016

Total cost of ownership

Related Questions
Avigayil Henderson - PeerSpot reviewer
Content Development Manager at PeerSpot
Feb 22, 2023
Hello community, Please share your input and help out fellow peers. Thank you.
LW
Content Editor at PeerSpot
Feb 22, 2023
Getting visibility into and control of complex or distributed cloud environments is not only a matter of investing in a CSPM (although that can be part of the answer). There are a number of additional approaches that can help. Let's look at a number of possibilities.
The most obvious step is using a CSPM to view and manage resources in a centralized location. There's no doubt that having everything in one place makes it easier to monitor and control your cloud environment. And a CSPM can scale as your environment changes, while helping to automate processes. CSPMs are a maturing technology that can be very effective in bringing a complex environment into compliance and the alerts and remediation offered help to harden security posture. The CSPM market includes Prisma Cloud by Palo Alto Networks, Microsoft Defender for Cloud, Orca Security, Check Point CloudGuard Posture Management, Lacework, and Wiz, among others.
On the visibility front, cloud monitoring tools like Auvik, Datadog, Centreon, or Amazon CloudWatch and Azure Monitor provide metrics and logs that can be used to identify issues and optimize performance. They can alert you to potential problems before they become critical.
As noted, leveraging automation is going to be important when dealing with complex cloud estates. Automating common tasks will reduce the time and effort required to manage your cloud environment and can help create consistency across your systems. Tools like AWS CloudFormation, Google Cloud Deployment Manager, or Azure Resource Manager can automate the deployment and management of cloud resources.
But beyond the tools are the security best practices that can also help bring things under control and help narrow down the search for issues when they occur. They include role-based access control, network segmentation, and encryption and they should help reduce the risk of unauthorized access and data breaches.
Tried and true architectural approaches can also help, including containerization and microservices. These approaches simplify the management of complex or distributed cloud environments and break down applications into smaller, independent services, making issues easier to manage.
Avigayil Henderson - PeerSpot reviewer
Content Development Manager at PeerSpot
Feb 22, 2023
Hi community,  Please share your input and help out fellow peers. Thank you.
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Feb 19, 2023
Hi, some of the best cloud compliance reporting tools are as below:
* Checkpoint CloudGuard Dome9
* Nutanix Xi Beam
* Qualys Cloud Platform
* Sophos Cloud Optix
* Symantec Control Compliance Suite
LW
Content Editor at PeerSpot
Feb 22, 2023
There is probably no single tool that can completely unify cloud compliance reporting across all cloud providers and compliance frameworks. That's a pretty big ask (but a good one). But there are, of course, tools that streamline compliance reporting and make the process easier to manage across multiple cloud environments and compliance standards. These compliance management platforms can help identify compliance gaps, enforce policies, and generate compliance reports.
Prisma Cloud enables you to monitor, view, and report on cloud infrastructure health and your compliance posture. You can create reports with both summary and detailed findings of security and compliance risks and it also offers a Compliance Dashboard and the ability to create custom compliance standards.
Check Point CloudGuard Posture Management looks to automate conformance to regulatory requirements and security best practices. It provides compliance posture management for AWS, Azure, Google Cloud, Alibaba Cloud, and Kubernetes and claims to reference over 50 compliance frameworks. It also enables customization of cloud compliance with its proprietary Governance Specification Language.
Touting 65 out-of-the-box frameworks, CIS Benchmarks, and custom compliance checks, Orca Security is an agentless solution that works across multiple cloud platforms. It exposes and prioritizes issues so that compliance gaps can be addressed strategically.
Another option is Chef Compliance, which leverages certified, curated audit and remediation content and aims to make sure assets are always in compliance with CIS benchmarks and DISA STIGs. It supports multiple cloud providers and compliance frameworks.
Perhaps lesser-known, CloudCheckr helps maintain security and compliance in the cloud and monitors cloud infrastructure against dozens of standards including PCI DSS, HIPAA, CIS, and NIST.
Cloud One - Conformity, from Trend Micro, works toward security, compliance, and governance of cloud infrastructure with real-time monitoring and auto-remediation features for AWS, Microsoft Azure, and Google Cloud.
Related Articles
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 2, 2022
Dear professionals, Welcome back to PeerSpot's Community Spotlight! Below you can find the latest hot topics posted by your fellow PeerSpot Community members. Read articles, answer questions, and contribute to discussions that are relevant to you and your expertise. Or ask your peers for insight on topics that interest you! Trending Here are some topics that your peers are discussi...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 2, 2022
@Chris Childerhose, @PraveenKambhampati, @Deena Nouril, @Shibu Babuchandran and @reviewer1925439, Thank you for contributing your articles and sharing your professional knowledge with 618K PeerSpot community members around the globe as well as with a much bigger readers audience!
Deena Nouril - PeerSpot reviewer
Tech Blogger
Aug 5, 2022
What is OWASP? The OWASP or Open Web Application Security Project is a nonprofit foundation dedicated to improving software security. It operates under an open community model, meaning that anyone can participate in and contribute to OWASP-related online chats and projects. The OWASP ensures that its offerings (online tools, videos, forums, events, etc.) remain free and are easily accessible t...
Ben Arbeit - PeerSpot reviewer
Manager at a retailer with 51-200 employees
Jul 31, 2022
Thanks for this informative article.
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Aug 5, 2022
OWASP is nice, but very specific and currently limited. How about trying ISO-24772 for all?