
DevSecOps

FeIix edited this page Apr 29, 2026 · 5 revisions

DevSecOps - Addressing Security Challenges in a Fast Evolving Landscape White Paper


Software Security

  • SAST - Static Application Security Testing
  • DAST - Dynamic Application Security Testing
|                   | SAST (Static)                                    | DAST (Dynamic)                                            |
|-------------------|--------------------------------------------------|-----------------------------------------------------------|
| Testing approach  | White-box (inside-out)                           | Black-box (outside-in)                                    |
| How               | Scans source code without executing it           | Simulates attacks by interacting with the running application |
| Visibility        | Full access to source code/binaries              | No access to source code needed                           |
| When it occurs    | Early in the SDLC (coding/build)                 | Later in the SDLC (testing/production)                    |
| Vulnerabilities   | Code-level flaws (e.g., hardcoded secrets)       | Runtime flaws (e.g., server configuration)                |
| Tools             | SonarQube, FindSecurityBugs and Snyk Code        | OWASP ZAP, Burp Suite and StackHawk                       |
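To make the SAST row concrete, here is a minimal static scanner that looks for the "hardcoded secrets" class of code-level flaw the table mentions. It is an added example written for this page, not code from any of the tools listed; the rule set, the placeholder list and the sample source it scans are all constructed for the demonstration (the AWS key id in the sample is the public documentation example value, not a live credential).

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int      # 1-based line number in the scanned source
    rule: str      # name of the rule that fired
    snippet: str   # the offending line with the secret value masked


# Rules are ordered most-specific first; the first rule that matches a line wins.
# Constructed for this example; real tools ship hundreds of such patterns.
SECRET_RULES = [
    ("private-key-block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("aws-access-key-id",
     re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("hardcoded-credential-assignment",
     # keyword, then = or :, then a quoted literal of at least 6 characters
     re.compile(r"""(?i)(password|passwd|secret|api[_-]?key|token|key)\s*[:=]\s*["']([^"']{6,})["']""")),
]

# Values that are obviously not real secrets; suppressed to cut noise.
PLACEHOLDERS = {"changeme", "example", "xxxxxxxx", "<redacted>"}


def scan_source(source: str) -> list[Finding]:
    """Static scan: walk the text line by line without executing anything."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment lines are skipped in this toy scanner
        for rule, pattern in SECRET_RULES:
            m = pattern.search(line)
            if not m:
                continue
            # For the assignment rule the secret is group 2; otherwise the whole match.
            secret = m.group(2) if m.lastindex else m.group(0)
            if secret.lower() in PLACEHOLDERS:
                break
            findings.append(Finding(lineno, rule, line.replace(secret, "***")))
            break  # one finding per line
    return findings


# Constructed sample source; only lines 3 and 4 should be reported.
SAMPLE_SOURCE = '''\
import os

DB_PASSWORD = "hunter2hunter2"              # literal credential in code
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"  # AWS documentation example key id
API_TOKEN = os.environ["API_TOKEN"]         # read at runtime, not a finding
SECRET_KEY = "changeme"                     # obvious placeholder, suppressed
# password = "in-a-comment"                 # comment line, skipped
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.rule}: {f.snippet.strip()}")
```

The scanner never runs the code it inspects, which is exactly why it can sit in the build stage: it reports the masked line and the rule name so the finding can be triaged without the secret itself being copied into CI logs.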
  • Fuzz Testing (Fuzzing)

|       | Fuzzing                                                                                                            |
|-------|--------------------------------------------------------------------------------------------------------------------|
| How   | Bombard a program with invalid, unexpected, or random data as inputs                                               |
| Goal  | Trigger crashes, memory leaks, or failing code assertions to uncover hidden bugs and security vulnerabilities      |
| Tools | Mutiny                                                                                                             |
