New Training: Software Assurance Best Practices
In this 13-video skill, CBT Nuggets trainer Ben Finkel covers software assurance and quality assurance for mobile applications, web applications, client and server applications, and firmware. Gain an understanding of the Software Development Life Cycle (SDLC), Static Application Security Testing (SAST), Service Oriented Architecture (SOA), DevSecOps, and more. Watch this new CompTIA training.
Watch the full course: CompTIA Cybersecurity Analyst
This training includes:
1.2 hours of training
You’ll learn these topics in this skill:
Software Assurance Best Practices
General Software Assurance Strategies
Assuring Mobile Software
Web and Client/Server Application Assurance
Assuring Firmware and Embedded Systems
Integrating with Software Development Life Cycle (SDLC)
Software Assessment and Testing Methodologies
Protecting Software Input and Output
Using Authentication and Data Protection
Static Application Security Testing (SAST)
Dynamic Analysis Tools
Service Oriented Architecture (SOA)
What is Static Application Security Testing?
Static Application Security Testing, or SAST, is a software vulnerability testing methodology designed to expose security threats and vulnerabilities. What distinguishes SAST from other security testing methodologies is that it aims to uncover security vulnerabilities early in the coding lifecycle. To accomplish this, coders can run SAST in real time as they write code, even if the application doesn't compile or run.
The great benefit of this testing strategy is that development teams can identify and nullify security vulnerabilities while they write code, removing potential risks that could otherwise propagate later in the development process. Often, teams that do not implement SAST bake in security vulnerabilities at the code layer that are either challenging to remedy later in the code lifecycle or go unnoticed until the vulnerability is leveraged in a cyberattack. By using SAST, organizations can add an early layer of protection that promotes fewer security vulnerabilities and encourages healthy coding practices.