Application Security Testing focuses on identifying application and configuration vulnerabilities that could lead to security issues. The goal of the reviews is to identify as many potential security vulnerabilities as possible. Application Security Testing can be performed using either or both of the following approaches:
· Tool Based Scan/Vulnerability Scan: In a tool-based scan or vulnerability scan, an automated tool is used to perform the security checks on the application.
· Manual Security Scan/Penetration Testing: In penetration testing or a manual security scan, the application is exploited manually with the use of proxy tools. This approach is suited to finding flaws in the design and business logic.
Further, there are two ways to perform Application Security Testing: static and dynamic. Depending on the stage of the application in the SDLC, either one can be used.
· Static Analysis: Static Analysis, also termed Static Application Security Testing (SAST), can be thought of as testing the application from the inside out – by examining its source code, byte code or application binaries for conditions indicative of a security vulnerability.
· Dynamic Analysis: Dynamic Analysis, also termed Dynamic Application Security Testing (DAST), can be thought of as testing the application from the outside in – by examining the application in its running state and poking and prodding it in unexpected ways in order to discover security vulnerabilities.
1 comment:
Nice blog... Here I read about different code analysis tools. All tools are helpful for developers and I want more information about Static application security testing SAST. Thanks