Best practices in using SAST, DAST, IAST and RASP Tools
A review of the SAST, DAST, IAST and RASP tools currently available, and of how an organisation can cherry-pick the best of each to build a cost-effective AppSec vulnerability management capability that meets its needs.
There are many tools that can help an organisation check for vulnerabilities in its software. Each tool has a specific place where it is applied, and you will have many findings to analyse and track.
- Cheat sheets for tool usage? (can this be done in an agnostic way?)
- Adding tools in a CI Pipeline effectively? (how/where?)
- Integration with visualization tools/IDEs?
- How to parse and filter results? (recommendations for writing specific tests?)
- AppSec professionals
- *ST and RASP service providers
- Consulting companies
- Standards bodies
Related Working Session(s)
- Integrating Security Tools in the SDL
- Securing the CI Pipeline