Security Archives - Page 6 of 12

IoT Security – A Contradiction in Terms

Posted on November 10, 2015 by Code Curmudgeon

The internet of things aka IoT has become the internet of hacks. More and more devices are being internet enabled. While this makes many...

Halloween Security Slashers Webinar

Posted on October 28, 2015 by Code Curmudgeon

I’m doing a Halloween themed Parasoft webinar this Friday on Stopping Software Security Slashers with Static Analysis. As always it’s a free webinar and...

Why We View AppSec Vulnerabilities As False

Posted on July 29, 2015 by Code Curmudgeon

I’d like to say a few things as a follow-up to my article on theoretical appsec vulnerabilities last week. The article generated some interesting...

Unscientific AppSec Pain Poll

Posted on July 28, 2015 by Code Curmudgeon

Here’s another one of my completely unscientific polls – this time about AppSec. I find it interesting to know what others think about these...

‹ Prev 1 … 4 5 6 7 8 … 12 Next ›

Definitioner

CAN (Controller Area Network): Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.
IAST: IAST is interactive application security testing. It's also been known variously as hybrid security testing, gray-box, and glass-box. This technique blends the inside-out approach of SAST with the outside-in approach of DAST to give you deep code-level visibility of a running application while it's in a real running state. This helps reduce false positives but still has the thoroughness limitations of black-box techniques in that it's only as good as the test suite being run in terms of coverage.
DAST: DAST tests an application for security vulnerabilities by monitoring and probing an application while it is actually running - thus the dynamic test. DAST starts from inputs and is a black-box or external view. This gives is a very realistic view of application behavior, but is difficult to be completely thorough. Penetration testing or pen-test is a common form of DAST.
SAST: SAST is security testing that is done on source, byte-code, or binaries but without actually executing them - thus the "static" testing. Typically this includes things like software metrics, static code analysis and even peer review. SAST provides a white-box or inside view to the application. It can both find possible vulnerabilities and weaknesses by looking for anti-patterns as well as enforcing secure software engineering standards by looking for proper patterns.