What Good is this Tool? A Guide to Choosing the Right Application Security Testing Tools

Presented at LASCON 2014 by

Choosing the right Application Security Testing (AST) tool can be challenging for any security program, and after rolling it out, discovering the real security value it brings can be downright discouraging. No single tool can solve all of your security problems, but unfortunately, that is exactly how many of them are marketed. This is compounded by sales teams who convince executive leadership that security programs should be built around their tools, rather than fitting each tool within a well-planned security program.

The primary takeaways from this talk are:

• An understanding of the real value of each type of AST tool (SAST, DAST, IAST);
• How to leverage your tools for better security visibility and process efficiency;
• Steps to find the right tool for your security program;
• Keys to finding the best stage of the SDLC to implement each tool type within your security program;
• How to integrate new tools with your existing DevOps or Agile environments and processes.