Followers

SAST and DAST

0 0 Wednesday, February 16, 2022 2022-02-16T23:18:00-08:00 Edit this post

  Data is very important for any organization because it drives the business. If an organization loses its data or data is stolen then it ma...

 Data is very important for any organization because it drives the business. If an organization loses its data or data is stolen then it may be huge financial or business consequences for that organization. To prevent data loss organizations need to identify vulnerabilities in their applications and mitigate the risks. For that, they are adding application security testing, including SAST(static application security testing) and DAST(dynamic application security testing), to their software development workflow.


SAST and DAST

SAST and DAST are application security testing methodologies used to find security vulnerabilities that can make an application more seucre from outside attacks

SAST:- (Before running the application) It is a white box method of testing. It examines the code to find software flaws and weaknesses such as SQL injection.

DAST:- (At Run time of application) It is a black box method of testing. It examines an application as it's running to find vulnerabilities that an attacker could exploit.

Differences between SAST and DAST

1. SAST is while-box security testing. The tester has access to the underlying framework, design, and implementation. The application is tested from the inside out. This type of testing represents the developer approach.

DAST is black-box security testing. the tester has no knowledge of the technologies or frameworks that the application is built on. This type of testing represents the hacker approach.

2. SAST requires source code or binary without executing the application.

    DAST requires a running application to analyze it by executing the application.

3. SAST finds the vulnerabilities earlier in the SDLC. The code scan can be executed as soon as the code is deemed feature-complete.

DAST finds the vulnerabilities towards the end of the SDLC.

4. SAST is less expensive to fix the vulnerabilities because these are found at an early stage of SDLC.

DAST is more expensive to fix vulnerabilities because these are found at end of SDLC. Critical vulnerabilities may be fixed as an emergency release otherwise it can be pushed to the next release cycle.

5. SAST cannot find the run time-related issues whereas DAST can be used to find the Run time-related issues.






Labels:

COMMENTS

BLOGGER
Name

Ansible,6,AWS,1,Azure DevOps,1,Containerization with docker,2,DevOps,2,Docker Quiz,1,Docker Swarm,1,DockerCompose,1,ELK,2,git,2,Jira,1,Kubernetes,1,Kubernetes Quiz,5,SAST DAST Security Testing,1,SonarQube,3,Splunk,2,vagrant kubernetes,1,YAML Basics,1,
ltr
item
DevOpsWorld: SAST and DAST
SAST and DAST
DevOpsWorld
https://www.devopsworld.co.in/2022/02/sast-and-dast.html
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/2022/02/sast-and-dast.html
true
5997357714110665304
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content