Common Approaches to Automated Application Security Testing – SAST and DAST

When planning a testing strategy for an application, it is important to evaluate the applicability and likely effectiveness of the various testing approach options. The two most common approaches to automated application security testing are static application security testing (SAST) and dynamic application security testing (DAST).

SAST involves testing application artifacts – such as source code or application binaries – at rest. The testing tool reviews the application source or binary to build a model, and then performs various types of analyses such as semantic, data flow, or control flow to identify potential vulnerabilities based on a set of rules tuned for the type of application, language, and application framework in use. DAST involves testing a running application by sending inputs and analyzing the application’s responses to see if those request/response patterns indicate the presence of security vulnerabilities.

About Denim Group

Denim Group is the leading secure software development firm, serving as a trusted advisor to customers on matters of software risk and security. The company builds software for the most security conscious while helping organizations assess and mitigate risk within their existing software. Denim Group's flagship ThreadFix product accelerates the process of software vulnerability remediation, reflecting the company's rich understanding of what it takes to fix application vulnerabilities faster. Denim Group has emerged as a strong contributor to the larger application security community and has actively participated in the Open Web Application Security Project (OWASP) since shortly after its inception.

Among many other awards, Denim Group has landed on the "Inc. 5000" list - which recognizes the country's 5000 fastest-growing private companies - for five years in a row. In addition, the San Antonio Business Journal named Denim Group as one of the "Best Places to Work" in the city.

###

Denim Group is a registered service mark of Denim Group, Ltd.
Other names and brands may be claimed as the property of others.