Application Security
Testing
Static AST (SAST)
Examine source code (at rest) to detect and report weaknesses that can lead to security vulnerabilities.
Dynamic AST (DAST)
Detect conditions that indicate a security vulnerability in an application in its running state.
Interactive AST (IAST)
IAST tools use a combination of static and dynamic analysis techniques.
They can test whether known vulnerabilities in code are actually exploitable in the running application.
Mobile AST
MAST Tools are a blend of static, dynamic, and forensics analysis.
AST reduces risk in applications but cannot completely eliminate it.
The major motivation for using AST tools is that manual code reviews and traditional test plans are time consuming, and new vulnerabilities are continually being introduced or discovered.
FACTS
AST solutions are adapting to Agile and DevOps methodologies by integrating deeply into the SDLC, addressing newer and more complex applications, incorporating machine-learning into their offerings to filter out false positives, and providing software composition analysis of third party and open source code.
Hacker-powered security is undergoing rapid expansion, not just among the tech fast movers, but among government, e-commerce, retail, and gaming companies.
Application Security Testing is one of the fastest growing markets in Cybersecurity, with a projected 14% compound annual growth rate through 2020.