How to Integrate Application Security Testing Into a Software Development Life Cycle


Published: 26 December 2018 ID: G00370366


Summary

AST is a critical application security practice for development, testing and security staff. This assessment, aimed at technical professionals focused on application security, compares approaches to AST for web applications, mobile applications and web APIs throughout the SDLC.

Table of Contents

  • Comparison
  • Analysis
    • Creating Effective and Efficient AST Capabilities
      • Application Security Vulnerabilities by the Numbers
      • Application Security Testing Methods
      • AST-Related Tools and Methods
      • Example AST Tools and Services
      • AST Deployment Types
      • Evaluating AST Vendors and Tools
    • Implementing the Three Phases of AST
      • AST During Development and Testing
      • AST During Prerelease Testing
      • AST in Production Environments
    • Integrating AST With Remediation
    • Addressing Common Challenges With the AST Types
      • SAST Challenges
      • DAST Challenges
      • IAST Challenges
    • Adapting AST to Specific IT Scenarios
      • AST for Legacy Applications
      • AST for Outsourced Development and Off-the-Shelf Applications and Components
      • AST for Cloud and Externally Hosted Applications
      • AST for Modern Web Applications, Mobile Applications and Associated Web APIs
      • AST for the IoT and Operational Technology Architecture
      • AST for Malicious Code
      • AST in Continuous Integration and Continuous Delivery
  • Guidance
    • Test in Depth All Critical and Exposed Applications — Regardless of Pedigree — at Least Once
    • Implement a Three-Phased AST Approach to Improve Security and Reduce Cost
    • Operationalize AST by Integrating With Security, Development and Operations Practices
  • The Details
    • Open-Source Software Hygiene
      • A Brief Primer on CVEs
      • Open-Source Licenses
      • SCA Differentiation
  • Gartner Recommended Reading

© 2018 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.