So Many AppSec Testing Types, So Little Time

Presented by

Chris Campbell, Solution Architect at Veracode

About this talk

There is no AppSec silver bullet; effective AppSec requires leveraging the strengths of multiple testing types across the software lifecycle. Depending on one testing type would be like only checking your blood pressure and declaring yourself completely healthy. Each testing type – DAST, SAST, SCA, pen testing – has a role to play and detects different vulnerabilities. For instance, we recently reported that almost one-third of all our customers’ applications have more security findings in third-party libraries than in the native code base. Bottom line: relying only on static analysis and neglecting software composition analysis leaves you exposed.

At the same time, juggling multiple vendors is a challenge. A recent ESG survey found that 72 percent of respondents are using more than 10 AppSec tools, leading to excessive time spent managing tools and a reduction in the effectiveness of the program. How can you most effectively manage a variety of AppSec testing types?

Join this session to find out:

• Why you need multiple AppSec testing types
• The strengths of each testing type
• The benefits of seeing results from all testing types in one place

Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at www.veracode.com