From the course: Application Security in DevSecOps
Continuous static testing
- [Instructor] Now I get to the fun part, where we get to learn about tools and do demos. We will walk through several types of application security testing, talk about what they are, how they can integrate into the CI pipeline, and then see each one in action. We will start with static security testing. Static security testing has been around quite a while and is one of the most familiar types of application security testing. It involves looking at the source code of the application and analyzing it for vulnerabilities. The advantage of it is that it is early in the process. The disadvantage is that some tools can get lost in the code and show a higher level of false positives until they're tuned. Since static security testing is code-based, it's a language-specific type of testing. You have to find the tool that is right for you that supports the languages that are used in your environment. These are some qualities…
Contents
- Continuous static testing (4m 20s)
- Continuous dynamic testing (4m 15s)
- Interactive application security testing (4m 29s)
- Continuous secret scanning (3m 41s)
- Continuous library security testing (3m 45s)
- Continuous container security (2m 41s)
- Continuous container security demo (2m 27s)