SIGN IN YOUR ACCOUNT TO HAVE ACCESS TO DIFFERENT FEATURES

FORGOT YOUR PASSWORD?

FORGOT YOUR DETAILS?

AAH, WAIT, I REMEMBER NOW!
Need Help? Email [email protected]
  • LOGIN

E-SPIN Group

CONTACT US / GET A QUOTE
  • No products in cart.
  • HOME
  • PROFILE
    • Corporate Profile
    • About us
    • Customer Overview
    • Case Studies
    • Investor Relations
    • Procurement
  • GLOBAL THEMES
    • Artificial Intelligence (AI)
    • Big Data
    • Blockchain
    • Cloud Computing
    • Cognitive Computing
    • Cyber Security
    • DevSecOps
    • Digital Transformation (DT)
    • Modern Workplace
    • Internet of Things (IoT)
    • Quantum Computing
    • More theme and feature topics
  • SOLUTIONS
    • Application Lifecycle Management (ALM), DevSecOps/VSM, Application Security
      • Application Security
      • DevSecOps
      • Digital Forensics
      • Secure Development
    • Cybersecurity, Governance Risk Compliance (GRC) and Resiliency
      • Governance, Risk Management and Compliance (GRC)
      • Malware Analysis and Reverse Engineering
      • Security Information & Event Management (SIEM)
      • Security Configuration Management (SCM)
      • Threat, Risk and Vulnerability Management
      • Penetration Testing and Ethical Hacking
    • Modern Infrastructure, NetOps
      • Network Performance Monitoring and Diagnostics (NPMD)
      • IT Operations Management (ITOM)
      • Network Operation (NetOps)
      • Network Management System (NMS)
    • Modern Workspace & Future of Work
      • Digital Workspace
      • End User Computing (EUC)
      • Securing Hybrid Workforce
      • Unified Endpoint Management (UEM)
      • User Activity Monitoring (UAM)
  • INDUSTRIES
    • Aerospace & Defense
    • Automotive
    • Banking & Financial Markets
    • Chemical & Petroleum
    • Commercial and Professional Services
    • Construction & Real Estate
    • Consumer Products
    • Education
    • Electronics
    • Energy & Utilities
    • Food & Beverage
    • Information Technology
    • Insurance
    • Healthcare
    • Goverment
    • Telecommunications
    • Transportation
    • Travel
    • Manufacturing
    • Media & Entertainment
    • Mining & Natural Resources
    • Life Sciences
    • Retail
  • PRODUCTS
    • Hidden Menu
      • Brand Overview
      • Services Overview
      • E-SPIN Product Line Card
      • E-SPIN Ecosystem World Solution Portfolio Overview
      • GitLab (DevOps, DevSecOps, VSM)
      • Hex-Rays (IDA Pro, Hex-Rays Decompiler)
      • Immunity (Canvas, Silica, Innuendo)
      • Parasoft (automated software testing, AppSec)
      • Tenable (Enterprise Vulnerability Management)
      • Veracode (Application Security Testing)
    • Cybersecurity, App Lifecycle, AppSec Management
      • Cerbero Labs (Cerbero Suite)
      • Core Security (Core Impact, Cobalt Strike)
      • HCL (AppScan, BigFix)
      • Invicti (Acunetix, Netsparker)
      • ImmuniWeb
      • UBsecure (Vex)
      • Portswigger (Burp Suite Pro, Burp Suite Enterprise)
      • Titania (Nipper Studio)
      • TSFactory (User Activity Monitoring)
    • Infrastructure, Network, Wireless, Cloud Management
      • Metageek (Wi-Spy, Chanalyzer, Eye P.A.)
      • Progress (WhatsUp Gold, WS_FTP, MOVEit MFT)
      • Paessler
      • Solarwinds (IT Management)
      • TamoSoft (wireless site survey)
      • Visiwave (wireless site survey, traffic analysis)
      • VMware (Virtualization, cloud mgt, Digital Workspace)
    • Platform products
      • Adobe (Digital Media Creation)
      • Micro Focus
      • Microsoft
      • Red Hat (Enterprise Linux, OpenStack, OpenShift, Ansible,JBoss)
      • SecHard
      • SUSE (Enterprise Linux, Rancher)
      • Show All The Brands and Products (Full)
  • e-STORE
    • e-STORE
    • eSTORE Guide
    • SUPPORT
  • CAREERS
    • Culture, Values and CSR
    • How We Hire
    • Job Openings
  • BLOG / NEWS
    • Blogs and News
    • Resources Library
    • Calendar of Events
  • CONTACT
  • Home
  • Global Themes and Feature Topics
  • Future of Application security testing (AST)
0
E-SPIN
Wednesday, 18 May 2022 / Published in Global Themes and Feature Topics, Industries

Future of Application security testing (AST)

Today’s post let’s talk about Future of Application security testing (AST). As background information for those who are new to the topic, application security testing (AST) is a domain with a variety of approaches. For those focus on static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), mobile application security testing (Mobile AST) and manual application security testing (MAST) to name just a few branches of it. Overall, the aim is the same, to make sure for the application security via the security testing and assessment via the automated testing script or match the findings to verify whether a specific vulnerability exists and report them.

DevSecOps or secure DevOps is been in the market for some period of time, where provide highly efficient and effective in handle entire software development lifecycle (SDLC) from the source code management (SCM) to CI/CD tool chain (for continuous innovation and continuous delivery) for the modern agile driven software development lifecycle (SDLC). The original success and proven use of the DevOps for massive time saving for the automation and seamless integration, make it possible to put AST on top of DevOps, for those who practice DevSecOps or secure DevOps become possible. 

All AST vendors are under the pressure to make their product capable of performing trigger scanning via the API integration into DevOps. With the trend going on, the mass of the AST tasks will be automated, that is where the direction goes.

For the good side, enterprises save a lot of the time to let what automated scanner roles change from security testing officer to automated DevSecOps, or under the strong influence by the software developer, which result in faster software application development lifecycle (SDLC). For those application security testing officers, no one really knows how to perform value-added manual application security testing (MAST) and application penetration testing, unless the enterprise has other tasks for them to do, else, the said officer position will be at risk. For those who are really possess and know how to perform various manual application security testing and penetration testing, you no need to worry, because despite under the strong trend toward seamless integration and automation with DevSecOps, but medium to large enterprise remain needed your competency, as automated AST can not perform all the testing via script and signature matching basis. A lot of vulnerabilities required manual application security testing to discover, just like how real hackers did on a manual exploit basis.

Purely knowing how to make use of automated security testing tools to perform automated scanning and knowing about how to perform manual application security testing and knowing how to perform vulnerability validation and verification, or penetration testing are two different levels of competency. As you can expected, purely knowing how to use automated testing tool and accept whatever it report and you do not know how to manual test them, or know how to complement the limit of automated scanner, such as cover those areas can not be automated scripting and signature testing, that the value attached to the person who can perform that roles and duties. If DevSecOps automated the process, without doubt, the person who will be staying is the one who can perform MAST and pentesting. Since the coming of your enterprise is yet to be initiated, sooner or later, DevSecOps will be here to stay. Unless your enterprise does not develop its own application, yet it is unlikely do not automated it.

Most of the existing features such as a beautiful dashboard etc may become features of the past, as what matters most will be from a software development life cycle perspective kind of dashboard. Unless for some reason, AST remains isolated from the agile SDLC. It is hard for those who never expose themselves to how software developers use SCM to CI/CD to understand how the security testing is automated inside the DevSecOps, unless you go to get your hands dirty and realize the benefits of it, and why MAST and pentesting will remain in value. If you have the opportunity, as the E-SPIN existing customer, feel free to join E-SPIN various hand-on labs and workshops organized here and there to get yourself acquired the said first experience.

E-SPIN Group in the enterprise ICT solution supply, consultancy, project management, training and maintenance for corporation and government agencies did business across the region and via the channel.  Feel free to contact E-SPIN for your project requirement and inquiry.

Other post you may be interest:

  1. From source code management to DevSecOps
  2. From DevSecOps to Value Stream Management
  3. Pipeline Security: DevSecOps pipeline
  4. Trends make DevSecOps in the mainstream adoption
  5. Shift Left Security accelerated as world toward DevSecOps
Tagged under: Application Security Testing (AST), Continuous Delivery (CD), Continuous Integration (CI), DevSecOps, Dynamic Application Security Testing (DAST), Source Code Management (SCM), Static Application Security Testing (SAST)

What you can read next

Superapps as an Empowering Technology in Business
What Everyone Should Know About Cognitive Computing
What Everyone Should Know About Cognitive Computing
E-SPIN Unified Vulnerability Management (UVM) Explained
Legacy companies must reinvent or die under digital transformation era

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Debt Defaults and China’s Economic Power: Unraveling the Consequences and Future Implications

    In July 2022, Sri Lanka’s default on its ...
  • Impact of Cryptocurrency to Financial Industry

    Hong Kong Embraces Cryptocurrency: Retail Trading Approved and Tax Policies Introduced

    The Hong Kong government has recently given the...
  • The Era of Free Education

    Closing the Education to Employment Gap: Strategies for Success in the Modern Workforce

    The Education to Employment gap is a prevalent ...
  • Towards AI-powered DevSecOps: GitLab 16 Releases and Updates

    As GitLab’s dedicated partner, E-SPIN pro...
  • Application Performance Management (APM) for enhanced application performance

    Web applications have become essential tools fo...

Recent Comments

  • Henry Lee on Burp Suite Price Rise Notice
  • JEAN ARIANE H. EVANGELISTA on E-SPIN Wishes all Filipino Araw ng Kagitingan 2022
  • Ira Camille Arellano on E-SPIN Wishes all Filipino Araw ng Kagitingan 2022
  • NKIRU OKEKE on Top 5 Challenges in the Consumer Products Industry
  • Md Abul Quashem on Types of Online Banking or E-Banking

Archives

  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • March 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • January 2015
  • December 2014
  • October 2014
  • September 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • July 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • February 2012
  • July 2011
  • June 2011

Categories

  • Acunetix
  • Adobe
  • Aerospace and Defence
  • AppSec Labs
  • Automotive
  • Banking and Financial Markets
  • Brand
  • Case Studies
  • Cerbero Labs
  • Chemical and petroleum
  • Codified Security
  • Commercial and Professional Services
  • Construction and Real Estate
  • Consumer products
  • Contact Us
  • Core Impact
  • Core Security
  • DBeaver
  • DefenseCode
  • DSquare Security
  • DSquare Security
  • E-Lock
  • Education
  • Electronics
  • Energy and utilities
  • Excelledia
  • FAQ
  • Food and Beverage (F&B)
  • GFI
  • GitLab
  • Global Themes and Feature Topics
  • Government
  • HCL
  • Healthcare
  • Hex-Rays
  • IBM
  • Immunity
  • ImmuniWeb
  • Industries
  • Information Technology
  • Insurance
  • Invicti
  • Ipswitch
  • Isorobot
  • JetBrains
  • Job
  • Life Science
  • LiveAction
  • Magnet forensics
  • Manufacturing
  • McAfee
  • Media and Entertainment
  • Metageek
  • Micro Focus
  • Microsoft
  • Mining and Natural Resources
  • Nessus
  • Netsparker
  • News
  • Nutanix
  • Paessler
  • Parasoft
  • PortSwigger
  • Pradeo
  • Product
  • Progress
  • Rapid7
  • RedHat
  • Retail
  • Retina
  • Riverbed
  • RSA
  • SecHard
  • Security Innovation
  • Security Roots
  • Services
  • SILICA
  • Soft Activity
  • SolarWinds
  • Solution
  • SUSE
  • Symantec
  • TamoSoft
  • Telecommunications
  • Tenable
  • Titania
  • Transportation
  • Travel
  • Trend Micro
  • Trustwave
  • TSFactory
  • UBsecure
  • Uncategorized
  • Vandyke
  • Veracode
  • Videos
  • VisiWave
  • VMware
  • Webinar Archive

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

CORPORATE

  • Profile
  • About us
  • Investor Relations
  • Procurement

SOLUTIONS & PRODUCTS

  • Industries
  • Solutions
  • Products
  • Brand Overview
  • Services
  • Case Studies

STORE & SUPPORT

  • Shop
  • Cart
  • Checkout
  • My Account
  • Support

PRODUCTS & SERVICES

  • Industries
  • Solutions
  • Products
  • Brand Overview
  • Services
  • Case Studies

FOLLOW US

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • YouTube
  • WordPress Blog
© 2005 - 2023 E-SPIN Group of Companies | All rights reserved.
E-SPIN refers to the global organisation, and may refer to one or more of the member firms of E-SPIN Group of Companies, each of which is a separate legal entity.
  • Contact
  • Privacy
  • Terms of use
TOP