As a follow-up to my recent post on 5 Ways to Improve Your Security Program, I wanted to dig in more on the best practices for security testing.
- Static Application Security Testing (SAST): This is the testing of an application from the inside out. This method includes scanning source code, byte code, or application binaries for vulnerabilities.
- Dynamic Application Security Testing (DAST): This is the testing of an application from the outside in. This type of testing is done on a running application using a tool, in some cases with human expertise added on top of the automated penetration testing software.
When done correctly, both of these testing approaches are equally important. For the purpose of this blog, we are going to discuss our approach to DAST.
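To make the inside-out versus outside-in distinction concrete, here is an added example (not code from the original post): the same injection-prone handler is checked once the SAST way, by inspecting its source without running it, and once the DAST way, by exercising it as a black box and watching how it behaves. The handler, its fixed counterpart, and the SQLite users table are all constructed for this illustration.

```python
import ast
import sqlite3

# Constructed sample "application": a request handler that assembles SQL from
# untrusted input. Its parameterised counterpart follows for comparison.
APP_SOURCE = '''\
def lookup(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()
'''
FIXED_SOURCE = '''\
def lookup(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
'''


def sast_find_dynamic_queries(source):
    """SAST view: read the source and never execute it. Report the line of every
    execute() call whose SQL argument is built at run time (concatenation or f-string)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args
                and isinstance(node.args[0], (ast.BinOp, ast.JoinedStr))):
            findings.append(node.lineno)
    return findings


def dast_probe(source):
    """DAST view: load the handler as deployed code and observe its behaviour.
    A surname containing an apostrophe is ordinary input; a database error on it
    shows the query is assembled from untrusted text rather than parameterised."""
    namespace = {}
    exec(source, namespace)  # the tester sees only the running handler, not its code
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "O'Brien")])
    results = {}
    for name in ("alice", "O'Brien"):
        try:
            namespace["lookup"](conn, name)
            results[name] = "ok"
        except sqlite3.Error as err:
            results[name] = "db-error: " + type(err).__name__
    return results


if __name__ == "__main__":
    for label, src in (("vulnerable", APP_SOURCE), ("fixed", FIXED_SOURCE)):
        print(label, "SAST:", sast_find_dynamic_queries(src), "DAST:", dast_probe(src))
```

The static check points at the exact line to fix, while the dynamic check only shows a symptom at the boundary; that is why the post treats the two as complementary.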