Application Security Testing (xAST) is a generalized approach for static (SAST), dynamic (DAST), or interactive (IAST) scanning methods when testing for vulnerabilities. Now, if this sounds like a shift-left disruption ready market
, keep reading.
Run-time Application Security Protection (RASP) can be a specific wrapper approach that assumes a specific known context for the internal design of specific software. The RASP approach also enabled the creation of the Web Application and API Protection (WAAP) market because everything that could become an API will become an API on a long enough timeline.
Examples of companies from A to Z in this space include (with deep links to an educational blog post) AppDome
, Data Theorem
, Micro Focus
, WhiteHat Security
, and Zimperium
. And that’s just to name a few.
Interestingly, DevSec related features are increasingly appearing as partner integrations (and likely as an eventual native competitive parity offer)
within collaborative code services such as GitHub
These approaches can be helpful in trying to find a needle… in a fullstack. Right?
So, what about about when the build breaks? Or you just inherited responsibility for a new (to you) codebase that was assembled over a time period longer than your entire career? Or your DevOps and DevSecOps teams are shifting their entire approach to everything in order to embrace an Infrastructure as Code (IaC) ethos?