Chapter 9

Testing Part 2: Penetration Testing/Dynamic Analysis/IAST/RASP

In Chapter 8 we looked at a number of ways to conduct static testing on custom-developed applications when design documentation and source code are available to the testing teams and security experts. In this chapter we shift the focus to dynamic application security testing (DAST), along with some runtime security controls that serve as additional layers of Defense in Depth.

9.1 Chapter Overview

In Chapter 9 we’ll look at the other side of the coin for application testing: DAST, which actively attacks a running application. You need both SAST and DAST for a 360-degree view of how your application is built and how it behaves.

DAST tools are a form of penetration testing ...
