Application security testing (AST) is the process of making applications more resistant to security threats. AST is achieved by identifying security weaknesses and vulnerabilities in source code.
Initially a manual process, most organizations now automate application security testing throughout the software development lifecycle using a variety of application security testing tools.
Application security testing tools include:
- Static application security testing (SAST)
- Dynamic application security testing (DAST)
- Mobile application security testing (MAST)
- Interactive application security testing (IAST)
Application security testing best practices
Application security testing best practices include:
- Testing internal interfaces, not just APIs and UIs
- Regular testing of code and third-party components
- Limiting user access to data
- Integrating patching into your CI/CD