Application Security Testing
This article is a Draft. You can help to complete it.
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Interactive Application Security Testing (IAST), for example by instrumenting the Java Virtual Machine (JVM) or .NET CLR. Example product: Seeker (Synopsys).
- Synopsys: Coverity. No on-premises DAST product.
- Veracode: AST tools, offered only as a service.
- Micro Focus: Fortify WebInspect. Available as a product as well as in the cloud.
- WhiteHat Security
- Qualys: glibc
- Contrast Security
- Positive Technologies
- SonarQube 2006-2007
Other vendors: edgescan, Fasoo, GitLab, GrammaTech, ImmuniWeb, Kiuwan, Netsparker, NSFOCUS, N-Stalker, Onapsis (Virtual Forge), PortSwigger, Positive Technologies, SiteLock, SonarQube, Trustwave and Wallarm
- Application Security Testing (SAST, DAST, IAST): Fortify WebInspect, GitLab Ultimate, flawfinder, Kubesec, Coverity, SonarQube
- Gartner, Forrester: Gartner Magic Quadrant, Forrester Wave
- Security: Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, Password policy, NIST, SANS, Security policy, password policy, MFA, Access Control attacks, password cracking, OTP, UTF, Firewall, DoS, Software bugs, MITM, Password manager