Notes from a security testing webinar


  1. AST - Application security testing
  2. SAST - Static Application Security Testing
  3. DAST - Dynamic Application Security Testing
  4. OWASP Top Ten - the Open Web Application Security Project's ranking of the ten most common web app vulnerabilities
  5. Input validation and output sanitization can easily mitigate cross-site scripting (XSS)
  6. DAST is more mature than SAST
  7. SAST
    • finding security bugs by searching the source code for common programming mistakes:
      • memory allocation issues
      • uninitialized variables
      • improper string handling
      • infinite loops
      • buffer size issues
