.svg)
.svg)
How to make dynamic testing work for DevOps teams?
One of the challenges of introducing DAST (Dynamic Application Security Testing) into DevOps, like when we were able to introduce SAST (Static Application Security Testing), is speed. It's much slower. So, how can we make this more efficient for our DevOps teams?
One of the challenges with being able to introduce DAST into DevOps, in the same vein that people have been able to introduce SAST, is speed. It's slower.
The expectation when running things like CI pipelines is that the pipeline takes seconds or minutes, but often these DAST tools can take hours or days to run in their default configuration. However, there are ways we can manage this to support our DevOps teams.
First and foremost, is there a cut down version of the DASt that we can run as an initial check to decide whether or not we can pass something on to the next stage of the testing process. If we can feed information from SAST in so we can see that particular vulnerabilities have been potentially detected, then validate these with DAST. We now know that we have a different pool of particular vulnerabilities that won't have been detected as SAST isn't able to do that. With this more concentrated focus, we can run a version of DAST that completes much faster than you may have previously experienced.
The other thing you can do is look at batching things up. As long as you've got a record of what changes have occurred and what's going on outside of your pipeline, then you can start looking at running a DAST tool at a regular cadence. Then, you can feed in the information from those different change management systems, so that it's catching several different changes before they go into production, but not necessarily before they go into staging.
.svg)
Get a Free Trial From Cytix
Haven’t tried Cytix yet? Try our free trial to see how it works.
Get a Free Trial
.svg)
.svg)
Start Detecting Vulnerabilities Others Miss Today
- Detect Vulnerabilities Faster
- Patch Vulnerabilities Faster
- Be more compliant
.
28 Apr
2024
How do you understand performance over time?
.svg)
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
.
21 Apr
2024
Will there come a day where there are 0 vulnerabilities to find?
There's a growing potential for AI to remove many sources of vulnerabilities, but does that mean we're going to see a day where code is being written without any vulnerabilities being introduced into systems?
.
21 Apr
2024
How do you work out MTTR (Mean Time to Response)?
MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing the vulnerabilities. Once it's handed over, the process has begun. So, we know where the timer starts, but where does it end? When have we determined that the response period is finished?
