Application Security

Knowledge Center

The vast majority of applications ship to production with many serious security vulnerabilities, such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and other OWASP Top 10 risks. Design flaws such as broken authentication are also often overlooked. The content in the following three sections will help you upgrade your application security knowledge, including best practices for vulnerability assessment, application protection, and adding security automation to your SDLC.


Application Security Testing (SAST, DAST, IAST)

Application Security Testing, also known as Vulnerability Assessment, is a broad category of software tools that find security vulnerabilities in the source code of applications. This Knowledge Center section covers legacy tools such as SAST code analyzers and DAST web scanners, as well as modern Vulnerability Assessment approaches such as IAST (Interactive Application Security Testing).

Application Protection (WAF, RASP)

Application Protection is about stopping malicious attacks on production applications. This collection of articles reviews WAF (Web Application Firewall) technology, which is the mainstream application protection approach. It also reviews the RASP approach, because WAF technology is mature and the security industry is moving away from it.

DevSecOps (From Agile to DevSecOps)

As software development teams increasingly adopt DevOps methodologies to accelerate deployments and make their pipelines scalable, the classic security approach no longer works. This section of the application security Knowledge Center reviews the limitations of that classic approach and provides a blueprint for adding security to all the phases of your DevOps pipeline, also known as DevSecOps.



Learn the answers to the key questions regarding IAST tools



IAST in Development, QA and Production Stages



The 7 Key Factors to Successful DevSecOps



Making DevSecOps a reality in your Spring applications