Best practices in using SAST, DAST, IAST and RASP Tools

Review of SAST, DAST, IAST and RASP tools out there at the moment and how an organisation can cherry pick the best of each to give a cost effective appsec vulnerability management capability that meets their needs.


There are many tools that can help an oganisation to check vulnerabilities in their software. Each tool has a specific place where it will be applied, and you will hace many findings to analise and track.

Potential outcomes

  • CheatSheets for tools usage? (can this be done in an agnostic way?)
  • Adding tools in a CI Pipeline effectively? (how/where?)
  • Integration with visualization tools/IDEs?
  • Howto parse and filter results? (recommendations for writing specific tests?)


  • AppSec professionals
  • *ST and RASP service providers
  • Consulting companies
  • Standards bodies

Related Working Session(s)

Back to list of all Working Sessions and Tracks

Edit this page here