CIOAdvisor Apac

How Application Security Testing can go a Step Further?

CIOAdvisor Apac | Thursday, November 14, 2019

Application security testing is a strenuous process and existing approaches have their limitations; however, a new approach can improve the process.

Fremont, CA: As applications migrate to the cloud, their security has become paramount. According to recent research, application vulnerabilities were the leading source of security breaches in 2018. The two pressing challenges for cybersecurity in the coming decade will be spear-phishing and application vulnerability exploits, according to the Verizon Data Breach Investigations report. A different survey shows that only 10 percent of organizations report repairing critical vulnerabilities promptly. Thus, the market needs a shift, and understanding that shift requires a clear view of the current state of application security.

Currently, the software development lifecycle (SDLC) has a development (dev) phase and a production (prod) phase. In the dev phase, the goal is to find and fix vulnerabilities, and in the prod phase, the goal is to protect the application from all its vulnerabilities. Software providers need only one or the other; however, neither is foolproof. Thus, companies use some form of both.

Static application security testing (SAST) analyzes the application from the inside out by inspecting its source code. SAST leverages fundamental knowledge of vulnerabilities; however, conventional SAST scans are slow, requiring hours or even days to complete. Further, the results often include false positives. On the other hand, dynamic application security testing (DAST) probes the application from the outside in, treating it as a black box and examining its exposed interfaces for vulnerabilities. Generally, DAST accurately identifies externally visible vulnerabilities, but it requires test scripts to test everything, which, from a practical standpoint, is impossible. Additionally, it only analyzes exposed interfaces, which presumes an attacker only has external access. The third approach is interactive application security testing (IAST), which improves on DAST by instrumenting the application for more in-depth analysis.

Each approach has its advantages and disadvantages. An ideal application security testing approach would have a faster version of the inside-out approach of SAST. It would analyze the entire application, including third-party APIs, dependencies, and frameworks, as DAST does. For SAST to be complete, it should be combined with data from the production environment to address reachability challenges. Regardless of the competence of an AST toolchain, there will be unfixed vulnerabilities in the production environment, so a tool is always needed to protect applications in production. This new approach instruments the application based on SAST findings to ensure high-performance, accurate protection, and it notifies the developer of the location in the code of the vulnerability that needs to be fixed.
