10 Types of Application Security Testing Tools and How to Use Them
February 2019 • Podcast
Thomas Scanlon, a researcher in the SEI’s CERT Division, discusses the different types of application security testing tools and provides guidance on how and when to use each tool.
Software Engineering Institute
“…one of your biggest exposure points can be known vulnerabilities. Your software may have vulnerabilities that nobody knows about, so your risk of getting exploited through those is low, but if you are using software components that have known vulnerabilities, adversaries are familiar with that. So those are ones you definitely want to patch.”
Bugs and weaknesses in software are common: 84 percent of system breaches exploit vulnerabilities at the application layer. The prevalence of software-related problems is a key motivation for using application security testing tools. With a growing number of application security testing tools available, it can be confusing for leaders, developers, and engineers to know which tools address which issues. In this podcast, Thomas Scanlon, a researcher in the SEI’s CERT Division, discusses the different types of application security testing tools and provides guidance on how and when to use each tool.
About the Speaker
Thomas Scanlon holds a doctoral degree in Information Systems and currently is a researcher in the SEI’s CERT Division. He has more than 10 years of industry experience with Fortune 500 companies. Scanlon currently specializes in applied research topics related to secure software engineering, such as authentication and authorization, secure software development, automated testing tools, cyber threat modeling, and the Risk Management Framework (RMF). During the past 2 years, he has worked directly with the Joint Federated Assurance Center (JFAC) within the Department of Defense on the prototyping and selection of software testing tools and developing guidelines for others on selecting appropriate software testing tools.