Bugs and weaknesses in software are common: 84 percent of system breaches exploit vulnerabilities at the application layer. The prevalence of software-related problems is a key motivation for using application security testing tools. With a growing number of application security testing tools available, it can be confusing for leaders, developers, and engineers to know which tools address which issues. In this podcast, Thomas Scanlon, a researcher in the SEI’s CERT Division, discusses the different types of application security testing tools and provides guidance on how and when to use each tool.
Thomas Scanlon holds a doctoral degree in Information Systems and is a researcher in the SEI’s CERT Division. He has more than 10 years of industry experience with Fortune 500 companies. Scanlon currently specializes in applied research topics related to secure software engineering, such as authentication and authorization, secure software development, automated testing tools, cyber threat modeling, and the Risk Management Framework (RMF). During the past 2 years, he has worked directly with the Joint Federated Assurance Center (JFAC) within the Department of Defense on prototyping and selecting software testing tools and on developing guidelines to help others select appropriate software testing tools.