Security Testing importance and how we can include it in Automation

Creating this topic to hear the importance of Security Testing.

How to include security testing in SDLC.

Testing Tools available in market for Dynamic Application Security Testing

Vijitha - we currently use a SAST tool in our organization for security testing of code and a DAST tool as well. We have plans to use an IAST tool as well for our UI security.

1 Like

Wow, great to know 👍 Which DAST tool are you using?

My apologies for the delay, Vijitha. We are currently using Qualys for the DAST, and Checkmarx for the SAST.

1 Like

No worries! Thank you for the details 👍

The importance of security testing is basically the same as the importance of testing.
Except with security there could be some huge legal issues in the end. Sensitive data exposure, GDPR, etc etc …

How we cover it in our S(secure)SDLC:

  • We use OWASP ZAP as a web spider & vulnerability scanner
  • We use either Snyk or WhiteSource for package/dependency scans
  • We have extra functional tests also automated (for example in Postman)

All added in the pipeline. Does it end here? Not at all, since we are no security experts or professional pen-testers, we still hire them to test our applications frequently.

Kind regards
Kristof

1 Like
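As an added example (not Kristof's pipeline and not a script shipped by ZAP or Snyk), one way to gate a pipeline stage on the ZAP scanner and Snyk dependency reports mentioned above: the JSON field names (`site[].alerts[].riskcode` for a ZAP JSON report, `vulnerabilities[].severity` for `snyk test --json`) are assumptions to check against your tool versions, and both sample reports are constructed inline.

```python
"""Fail a pipeline stage when ZAP or Snyk report findings at or above a severity threshold."""
import json

# Constructed sample of a ZAP JSON report (riskcode: 0 info, 1 low, 2 medium, 3 high).
ZAP_REPORT = json.dumps({
    "site": [{"@name": "https://app.example.test", "alerts": [
        {"name": "Missing Anti-clickjacking Header", "riskcode": "2", "confidence": "2",
         "instances": [{"uri": "https://app.example.test/"}]},
        {"name": "SQL Injection", "riskcode": "3", "confidence": "2",
         "instances": [{"uri": "https://app.example.test/search?q=a"}]},
    ]}]
})

# Constructed sample of `snyk test --json` output (ids are placeholders, not real advisories).
SNYK_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-1", "severity": "medium", "packageName": "left-pad", "title": "Example"},
        {"id": "SNYK-EXAMPLE-2", "severity": "critical", "packageName": "lodash", "title": "Example"},
    ],
})

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
ZAP_RISK = {"0": "info", "1": "low", "2": "medium", "3": "high"}  # ZAP riskcode -> common scale


def zap_findings(report_json):
    """Yield (severity, name, instance_count) for every alert in a ZAP JSON report."""
    report = json.loads(report_json)
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            severity = ZAP_RISK.get(str(alert.get("riskcode")), "info")
            yield severity, alert["name"], len(alert.get("instances", []))


def snyk_findings(report_json):
    """Yield (severity, description, 1) for every vulnerability in a Snyk JSON report."""
    report = json.loads(report_json)
    for vuln in report.get("vulnerabilities", []):
        yield vuln["severity"].lower(), f'{vuln["packageName"]}: {vuln["id"]}', 1


def run_gate(zap_json=ZAP_REPORT, snyk_json=SNYK_REPORT, fail_at="high"):
    """Return (passed, blocking): blocking lists findings at or above fail_at from both tools."""
    threshold = SEVERITY_RANK[fail_at]
    findings = list(zap_findings(zap_json)) + list(snyk_findings(snyk_json))
    blocking = [f for f in findings if SEVERITY_RANK.get(f[0], 0) >= threshold]
    return not blocking, blocking


if __name__ == "__main__":
    passed, blocking = run_gate()
    for severity, name, count in blocking:
        print(f"[{severity}] {name} ({count} instance(s))")
    raise SystemExit(0 if passed else 1)  # non-zero exit fails the pipeline stage
```

Lowering `fail_at` to `"medium"` would also block on the missing header and the medium Snyk finding, which is usually where teams start before tightening the gate.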

Thank you @kristof for sharing the details.
As you said, there is a saying:
"Security is always excessive until it's not enough." - Robbie Sinclair

1 Like