Best practices in using SAST, DAST, IAST and RASP Tools


This Working Session will review SAST, DAST, IAST, and RASP tools currently available. The Session will also discuss how an organisation can cherry-pick the best of each tool to give a cost-effective appsec vulnerability management capability that meets their needs.

Why

There are many tools that can help an organisation check its software for vulnerabilities. Each tool is applied at a specific place, and each yields many findings to analyse and track.

What

  • Create cheat sheets for tools usage? (Can this be done in an agnostic way?)
  • How and where to add tools in a CI pipeline effectively?
  • Integration with visualization tools/IDEs?
  • How to parse and filter results?
  • Draft recommendations for writing specific tests

Outcomes

  • Cheat sheets for tools usage
  • Draft recommendations for writing specific tests

Who

The target audience for this Working Session is:

  • AppSec professionals
  • SAST, DAST, IAST and RASP service providers
  • Consulting companies
  • Standards bodies

Working materials

  • Draft cheat sheets for tools usage
  • Draft recommendations for writing specific tests (please add as much information as possible before the sessions)
