SAST vs DAST vs IAST vs RASP vs SCA | App Security | Comparison between SAST, DAST, IAST, RASP, SCA
HTML-код
- Опубликовано: 11 окт 2024
- This video provides a comparison between the following application security practices:
SAST - Static Application Security Testing
DAST - Dynamic Application Security Testing
IAST - Interactive Application Security Testing
RASP - Realtime Application Self Protection
SCA - Software Composition Testing
Software Composition Analysis (SCA): • Software Composition A...
Cyber Security Interview Questions and Answers Playlist: • CyberSecurity Intervie...
Subscribe here: / @cyberplatter8980
CyberPlatter Discord Channel: / discord
Application Security Testing
Your brief summary is very helpful for introducing these approaches to people. I used it for upleveling my team's knowledge today. Your SCA description easily and accurately describes scan-based SCA solutions. Your IAST description does a good job of describing Active IAST (DAST invoked). Your RASP description is quite accurate and can additionally be used to describe Passive IAST (normal functional usage invoked). Certain vendors (e.g. Dynatrace) have Runtime SCA, Passive IAST, and RASP implementations that are made for production usage with less than 1% overhead ... Runtime SCA reduces Scan-based SCA false positives by up to 85% and reprioritizes the remaining 15% based on the manner in which the vulnerable part of the library code executes and is reachable ... when used in production, Passive IAST reduces false negatives significantly over pre-production Passive and Active IAST ... and RASP that alerts only when a well-formed attack reaches a vulnerable line of code reduces false positive alarms by over 99.9%. Happy to chat more if you wish. www.linkedin.com/in/eriknklein/
Wonderful!!Very good analysis in just one pager
Nice thank you for this video
Thanks for the informative video
Glad it was helpful!
Good👍👍👍
Thank you!
There is no link for SAST or DAST ?