Dynamic Application Security Testing (DAST), also called black-box testing, is a testing practice that tests your web application by executing it. As we know, in SAST a web application is tested from the inside, which doesn’t even require the application to be running. So, when we do Dynamic Analysis, we […]
As part of the DevSecOps implementation in the CI/CD pipeline, scanning the source code and performing static analysis (SAST) is important. SAST is basically white-box testing performed on source code. It helps find very important vulnerabilities in the source code. Specifically, vulnerabilities defined by the OWASP Top 10 should be mitigated.
DevOps is fine! Now we have to include security in the DevOps process. Hence we got DevSecOps. We have talked about DevSecOps a lot. But if you want to become an expert in DevSecOps, you need a road map to learn. As part of the Road Map to DevSecOps, this is Part 1, talking about
OWASP ZAP (Zed Attack Proxy) is an open-source Dynamic Application Security Testing (DAST) tool. It sits between the web application and the end user and helps identify security vulnerabilities in web application design and architecture. As the name suggests, it is an Open Web Application Security Project (OWASP) project. ZAP is one of the successful proxy
In the current approach to software application development, security is one of the concerns we should take seriously. Threats on the Internet keep growing. We must secure our application from those threats in all possible ways. If we have a structured approach like DevOps for software development, it will be easy to
What Is DevSecOps? DevSecOps is a practice that combines the principles of DevOps and IT security to ensure faster, quality delivery of a secure software product. Before getting into this, let’s recollect the terms. Recollect DevOps: DevOps is a practice that combines software development and IT operations to quickly deliver new features, bug