Search results
Results from the WOW.Com Content Network
The Web Application Security Consortium's Static Code Analysis Tool List; SAMATE-Source Code Security Analyzers; SATE – Static Analysis Tool Exposition "A Comparison of Bug Finding Tools for Java", by Nick Rutar, Christian Almazan, and Jeff Foster, University of Maryland. Compares Bandera, ESC/Java 2, FindBugs, JLint, and PMD.
Unlike dynamic application security testing (DAST) tools for black-box testing of application functionality, SAST tools focus on the code content of the application, white-box testing. A SAST tool scans the source code of applications and its components to identify potential security vulnerabilities in their software and architecture.
These guides, when implemented, enhance security for software, hardware, physical and logical architectures to further reduce vulnerabilities. Examples where STIGs would be of benefit is in the configuration of a desktop computer or an enterprise server.
The Extensible Configuration Checklist Description Format (XCCDF) is an XML format specifying security checklists, benchmarks and configuration documentation. XCCDF development is being pursued by NIST , the NSA , The MITRE Corporation , and the US Department of Homeland Security .
Fuzzing tools are commonly used for input testing. [7] Interactive application security testing (IAST) assesses applications from within using software instrumentation. This combines the strengths of both SAST and DAST methods as well as providing access to code, HTTP traffic, library information, backend connections and configuration information.
Black-box testing, sometimes referred to as specification-based testing, [1] is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied virtually to every level of software testing: unit, integration, system and acceptance.
In the application security industry the name static application security testing (SAST) is also used. SAST is an important part of Security Development Lifecycles (SDLs) such as the SDL defined by Microsoft [11] and a common practice in software companies. [12]
The Linux Desktop Testing Project (LDTP) is a testing tool that uses computer assistive technology [7] to automate graphical user interface (GUI) testing. [8] The GUI functionality of an application can be tested in Linux , macOS , Windows , Solaris , FreeBSD , and embedded system environments. [ 9 ]