It is a common myth that early testing in the SDLC should be based on SAST and passive IAST tools. This myth has been repeated often by sources that do not follow developments in web application security and are unaware of the evolution of DAST and true IAST tools. Here is our definitive proof that this assumption is wrong.
Early SDLC Testing with Docker, Kubernetes, and Acunetix
Our customer, who has asked to remain anonymous for security reasons, is one of the world’s largest publicly traded software companies, founded 49 years ago and employing over 100,000 people. It is the world’s top vendor of enterprise software for managing business operations and customer relations. Currently, all products offered by this company are SaaS, and half of them are based on APIs and microservices.
Due to the maturity of the products and the size of the company, their development environment is quite complex. They manage security using an in-house vulnerability management solution, while their DevSecOps pipeline is based on Jenkins, Docker, Kubernetes, and Jira. They needed reliable, high-quality IAST scans to feed the vulnerability management system and selected Acunetix with AcuSensor for this purpose.
Mythbusting with True IAST
As you can see, you don’t need to settle for a high number of false positives in SAST tools or the limited scope and capabilities of passive IAST. You can run high-accuracy, reliable, and comprehensive tests in your SDLC with the powerful DAST and true IAST combo from Acunetix.
If Acunetix can be deployed in such a complex environment and is selected by such a software giant as one of their preferred sources of vulnerability information, you can implement it to scan your web applications and your APIs, too. Contact us for more information and to book an Acunetix demo.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Tomasz Andrzej Nidecki. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/EAGeCfsMp30/