Difference between revisions of "Application Security Testing (AST)"
Jump to navigation
Jump to search
| (23 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Draft}} | {{Draft}} | ||
| + | [[wikipedia:Application Security Testing]] | ||
* [[Static Application Security Testing (SAST)]] | * [[Static Application Security Testing (SAST)]] | ||
* [[Dynamic Application Security Testing]] ([[DAST]]) | * [[Dynamic Application Security Testing]] ([[DAST]]) | ||
| − | * [[Interactive Application Security Testing]] ([[IAST]]), for example, instrumenting the [[Java Virtual Machine]] (JVM) or .NET CLR. For example: [[Seeker]] | + | * [[Interactive Application Security Testing]] ([[IAST]]), for example, instrumenting the [[Java Virtual Machine]] (JVM) or .NET CLR. For example: [[Seeker]] ([[Synopsys]]) |
| − | * [[Synopsys]]: | + | * [[Synopsys]]: [[Coverity]] ([[2002]]) No [[DAST]] on-premises product |
* [[Veracode]]: AST tools, only AST as a service. | * [[Veracode]]: AST tools, only AST as a service. | ||
| − | * [[Micro Focus]]: | + | * [[Micro Focus]]: [[Fortify WebInspect]]. As a product, as well as in the cloud. |
* [[Checkmarx]] | * [[Checkmarx]] | ||
* [[WhiteHat Security]] | * [[WhiteHat Security]] | ||
| − | * [[Qualys]] | + | * [[Qualys]]: [[glibc]] |
* [[Rapid7]] | * [[Rapid7]] | ||
* [[CAST]] | * [[CAST]] | ||
| Line 20: | Line 21: | ||
* [[SiteLock]] | * [[SiteLock]] | ||
* [[Trustwave]] | * [[Trustwave]] | ||
| + | * [[SonarQube]] 2006-2007 | ||
| + | Other vendors: [[edgescan]], [[Fasoo]], [[GitLab Ultimate|GitLab]], [[GrammaTech]], ImmuniWeb, Kiuwan, Netsparker, NSFOCUS, N-Stalker, Onapsis (Virtual Forge), PortSwigger, Positive Technologies, SiteLock, [[SonarQube]], Trustwave and Wallarm | ||
| + | |||
| + | Other applications: [[kubesec]], [[flawfinder]] | ||
| + | |||
| + | |||
| + | == Related terms == | ||
| + | * [[Software Composition Analysis (SCA)]] | ||
| + | * [[ASLR]], PIE, and NX | ||
| + | * [[Gartner]] [[Application Security Testing (AST)]] [[MQ]] | ||
| + | * [[Threat detection]] | ||
| + | * [[Cloud security]] | ||
== See also == | == See also == | ||
| − | * {{ | + | * [[RASP]] |
| + | * {{DAST}} | ||
| + | * {{AST}} | ||
| + | * {{Gartner}} | ||
[[Category:Security]] | [[Category:Security]] | ||
Latest revision as of 22:19, 22 February 2022
This article is a Draft. Help us to complete it.
wikipedia:Application Security Testing
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Interactive Application Security Testing (IAST), for example, instrumenting the Java Virtual Machine (JVM) or .NET CLR. For example: Seeker (Synopsys)
- Synopsys: Coverity (2002) No DAST on-premises product
- Veracode: AST tools, only AST as a service.
- Micro Focus: Fortify WebInspect. As a product, as well as in the cloud.
- Checkmarx
- WhiteHat Security
- Qualys: glibc
- Rapid7
- CAST
- Contrast Security
- Acunetix
- Positive Technologies
- SiteLock
- Trustwave
- SonarQube 2006-2007
Other vendors: edgescan, Fasoo, GitLab, GrammaTech, ImmuniWeb, Kiuwan, Netsparker, NSFOCUS, N-Stalker, Onapsis (Virtual Forge), PortSwigger, Positive Technologies, SiteLock, SonarQube, Trustwave and Wallarm
Other applications: kubesec, flawfinder
Related terms[edit]
- Software Composition Analysis (SCA)
- ASLR, PIE, and NX
- Gartner Application Security Testing (AST) MQ
- Threat detection
- Cloud security
See also[edit]
- RASP
- DAST, SQL injection, Denial-of-service attack (DoS attack), Buffer overflow
- Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube, SCA, Checkmarx
- Research and analisys, Market Intelligence: Gartner, Gartner Magic Quadrant, Gartner hype cycle, Gartner Market Guide, Forrester: Forrester Wave, IDC, 451 Research, CB Insights, G2 Crowd, SIEM Magic Quadrant, Privileged Access Management, Nielsen, 451 Group (451 research), Gartner Cool Vendors in Cloud Computing, Capterra
Advertising:
