SAST, DAST, SCA … is this really necessary?

Presented by

Julian Totzek-Hallhuber, Senior Principal Solution Architect

About this talk

In a word, yes. Would you consider yourself 100 percent healthy after one blood pressure check? No, you’d need to see more test results! Similarly, you can’t call your software secure after one static analysis test, or one pen test. Each testing type looks for different vulnerabilities, meaning multiple testing types are required for effective application security. And we now have some new data to back up that claim. Join this session to find out: • Our data on the fix rates of organizations that employ multiple testing types vs. those that use just one • Why you need multiple testing types • How and when the different testing types work together throughout the software lifecycle. Interested in learning more about the findings from this year's SOSS report? Tune into sessions from this year's Hot SOSS virtual summit:
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (396)
Subscribers (31074)
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at