SAST vs DAST vs IAST vs RASP vs SCA | App Security | Comparison between SAST, DAST, IAST, RASP, SCA

Your brief summary is very helpful for introducing these approaches to people. I used it for upleveling my team's knowledge today. Your SCA description easily and accurately describes scan-based SCA solutions. Your IAST description does a good job of describing Active IAST (DAST invoked). Your RASP description is quite accurate and can additionally be used to describe Passive IAST (normal functional usage invoked). Certain vendors (e.g. Dynatrace) have Runtime SCA, Passive IAST, and RASP implementations that are made for production usage with less than 1% overhead ... Runtime SCA reduces Scan-based SCA false positives by up to 85% and reprioritizes the remaining 15% based on the manner in which the vulnerable part of the library code executes and is reachable ... when used in production, Passive IAST reduces false negatives significantly over pre-production Passive and Active IAST ... and RASP that alerts only when a well-formed attack reaches a vulnerable line of code reduces false positive alarms by over 99.9%. Happy to chat more if you wish. www.linkedin.com/in/eriknklein/

Wonderful!!Very good analysis in just one pager

Nice thank you for this video

Thanks for the informative video

Good👍👍👍

There is no link for SAST or DAST ?