Automated Finding Correlation: SAST, DAST, and IAST Overlap in Application Security
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the overlap between different scanning technologies in this insightful conference talk. Delve into the automated correlation of findings from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST). Discover the unique advantages of each technology and learn whether a single solution can address all security needs. Gain valuable insights into the commonalities and differences in vulnerability detection across these tools, and understand how leveraging multiple technologies can streamline the remediation process. Examine real-world results from the OWASP Benchmark project, providing context for the effectiveness of each approach. Uncover the benefits of automated correlation for both developers and security experts, and explore how this knowledge can reduce workload and accelerate vulnerability resolution.
Syllabus
Intro
Why adding IAST?
Auto Correlations - Goal
OWASP Benchmark - Context
OWASP Benchmark - Process
OWASP Benchmark - Results
Pulling the Curtain
OWASP Benchmark - The Report
Taught by
OWASP Foundation
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLPĀ®
Pluralsight