Why All SAST Products Suck! Find out before you compare SAST vendors (SAST vs DAST vs IAST vs SCA)

Learn from a 20+ year App Sec founder and leader before you buy your next SAST or Static Analysis Security Testing product!
Understand the fundamentals before comparing these products:
* CyberRes Fortify
* Checkmarx
* Perforce Klocwork
* Veracode
* Spectral SpectralOps
(CyberRes Fortify vs Checkmarx vs Perforce Klocwork vs Veracode vs Spectral SpectralOps)

- Chapters -
0:00 Intro
1:12 No One Tool
2:40 SAST 101
3:20 Why they suck
3:55 -Language support
5:00 -Depth vs Breadth
6:50 -Code is art
8:38 -Incomplete puzzle
10:48 -False Positives
11:20 Why they rock
12:50 Conclusion

This episode is part of a comprehensive series, where we cover each category of App Sec products:
* SAST: Static Application Security Testing
* DAST: Dynamic Application Security Testing
* IAST: Interactive Application Security Testing
* SCA: Software Composition Analysis
* WAF: Web Application Firewall
* RASP: Runtime Application Self-Protection (Next-Gen WAF)
* Manual Pen-Testing of Applications
(SAST vs DAST vs IAST vs SCA vs WAF vs RASP vs Pen-Testing)

The playlist - https://www.youtube.com/playlist?list=PLr15vRqvmtdW-LxrY_fFGNV8ub4_d_Qoc

To gain more valuable insights and resources from Dan On Dev:
🌏 Our website
- https://danondev.com

💬 Social Media
- https://twitter.com/Dan_On_Dev
- https://instagram.com/dan_on_dev
- https://facebook.com/danondev
