Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) is a security testing method that analyses a running application from the outside, without access to its source code, by sending it crafted requests that simulate real-world attacks and observing how it responds.

Metasploit framework

The Metasploit Framework is an open-source penetration testing framework (maintained by Rapid7) that bundles exploit modules, payloads and auxiliary scanners so that testers can develop, validate and run exploits against target systems in a controlled way.

Further reading
- Top 8 penetration testing tools (Snyk Blog)

nmap (Network Mapper)

nmap is a free and open-source network scanner used for host discovery, port scanning, service and version detection and OS fingerprinting; it is typically the first tool run in the reconnaissance phase of a penetration test.

Further reading
- Top 8 penetration testing tools (Snyk Blog)

OWASP

OWASP (Open Worldwide Application Security Project, formerly the Open Web Application Security Project) is a non-profit organisation and online community that publishes free, open-source tools, documentation and standards to help build secure web applications.

Further reading
- OWASP Top Ten

Penetration Testing

Penetration testing (or pen testing) is a security exercise in which a cyber-security expert attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify weak spots in the system's defences that real attackers could take advantage of. It is like a bank hiring someone to dress as a burglar and try to break into the building and reach the vault. If the 'burglar' succeeds in getting into the bank or the vault, the bank gains valuable information about where its security measures need tightening. ...

Software Composition Analysis (SCA)

Software Composition Analysis (SCA) is a software vulnerability testing method that inventories the third-party and open-source components an application depends on (direct and transitive) and matches them against databases of known vulnerabilities and licence obligations. Unlike SAST, it does not look for bugs in the application's own code; it finds known-bad versions of the code the application pulls in.

Further reading
- Software Composition Analysis (Wikipedia)
- What is SCA? (Palo Alto Networks)
- SAST vs. SCA testing: What's the difference? Can they be combined? (Snyk blog)

Static application security testing (SAST)

Static Application Security Testing (SAST) is a security testing method that scans the source code or binary code of an application, without executing it, to identify vulnerabilities before the application is deployed to production.
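The DAST and SAST entries above describe two views of the same bug: one reads the code, the other pokes the running service. The following added example, written for this page and not taken from any real scanner, puts the two side by side on one SQL-injection flaw. vulnerable_app and fixed_app are constructed endpoints (a query-string in, a (status, body) tuple out, standing in for an HTTP handler); sast_findings is a toy static analyser over the Python AST and dast_findings is a toy black-box prober, neither of which is ZAP or any other named tool.

```python
"""Toy SAST and DAST on the same SQL-injection bug, stdlib only.
Example code for this page; the endpoints and analysers are constructed."""
import ast
import inspect
import sqlite3
import textwrap
from urllib.parse import parse_qs


def _db():
    """Fresh in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def vulnerable_app(query_string):
    """Deliberately injectable: the username is concatenated into the SQL text."""
    name = parse_qs(query_string).get("user", [""])[0]
    try:
        rows = _db().execute(
            "SELECT role FROM users WHERE name = '" + name + "'").fetchall()
    except sqlite3.Error as exc:
        return 500, f"database error: {exc}"
    return 200, ",".join(r[0] for r in rows)


def fixed_app(query_string):
    """Hardened: the username travels as a bound parameter, never as SQL text."""
    name = parse_qs(query_string).get("user", [""])[0]
    try:
        rows = _db().execute(
            "SELECT role FROM users WHERE name = ?", (name,)).fetchall()
    except sqlite3.Error as exc:
        return 500, f"database error: {exc}"
    return 200, ",".join(r[0] for r in rows)


def sast_findings(func):
    """SAST: parse the function's source and flag .execute(...) calls whose
    SQL argument is assembled with '+' or an f-string. The code is never run."""
    tree = ast.parse(textwrap.dedent(inspect.getsource(func)))
    findings = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args):
            if isinstance(node.args[0], (ast.BinOp, ast.JoinedStr)):
                findings.append(
                    f"{func.__name__}:{node.lineno}: SQL built from dynamic string")
    return findings


def dast_findings(app):
    """DAST: treat `app` as a black box. Record a baseline response, then send
    attacker-style inputs and compare what comes back. The source is never read."""
    findings = []
    _, base_body = app("user=alice")
    # Probe 1: a stray quote breaks an injectable query and surfaces a server error.
    status, _ = app("user=alice'")
    if status == 500:
        findings.append("error-based: single quote caused a server error")
    # Probe 2: a tautology makes an injectable query return rows the baseline did not.
    status, body = app("user=x' OR '1'='1")
    if status == 200 and body and body != base_body:
        findings.append("boolean-based: tautology changed the result set")
    return findings


if __name__ == "__main__":
    for app in (vulnerable_app, fixed_app):
        print(app.__name__, "SAST:", sast_findings(app))
        print(app.__name__, "DAST:", dast_findings(app))
```

The static check finds the flaw from the shape of the code alone and therefore works before anything is deployed, but it only knows the sink pattern it was written for; the dynamic check knows nothing about the code and catches the flaw from observable behaviour, which is why the two are complementary rather than interchangeable. Both report nothing for fixed_app, where the parameter is bound instead of spliced into the query text.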

What is security testing?

Further reading
- Security Testing (UK Cyber Security Council)
- Continually test your security (NCSC)
- Penetration testing (NCSC Guidance)
- Perform security testing (Microsoft Security Engineering)

ZAP (Zed Attack Proxy)

Zed Attack Proxy is a free and open-source web application scanner that works as an intercepting proxy between the browser and the target, originally developed within the OWASP community and now managed by Checkmarx.

Further reading
- Top 8 penetration testing tools (Snyk Blog)
- ZAP (Wikipedia)
- Zed Attack Proxy, by Checkmarx
- Install ZAP on macOS (Homebrew)

Related pages
- OWASP