Debunking the AppSec Silver Bullet Myth

Presented by

Brittany O'Shea | Product Marketing Manager at Veracode

About this talk

There is no AppSec silver bullet. Each analysis type – static analysis, dynamic analysis, software composition analysis, interactive analysis, and penetration testing – has a role to play, and they all work together to fully secure your application layer. The different analysis types have different strengths in finding security issues, and they lend themselves to different stages of the SDLC.

For instance, we recommend that you shift left to catch issues as early as possible because they are cheaper to fix. However, when scanning only parts of the application, you don’t have the full scope of the application. It’s like providing feedback on one chapter of a book without knowing the other chapters. You can provide feedback if it makes sense, but you can’t assess it in the context of all of the other chapters. The same is true for application security. That’s why you need to scan parts early but also scan when the application is fully assembled.

Join this session to find out:

• The strengths and weaknesses of the different AppSec analysis types
• Where each analysis type fits in the SDLC
• Why pipeline integrations are critical

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.