Toptube Video Search Engine



Title:DevSecOps - What is SAST DAST IAST and RASP - english - 4k
Duration:33:15
Viewed:798
Published:16-07-2021
Source:Youtube

This video will explain the differences between the individual cybersecurity defence techniques #SAST #DAST #IAST and #RASP. #SAST - Static Application Security Testing SAST is a so-called white box process. The code is visible and does not have to be running. That is why we speak of "static". The tests can identify three types of security threats. First, there are available loopholes. For example, "tainted code" can be injected. Second, some lines can be associated with files or particular classes of objects. Here, too, the focus is on the smuggling of malware. Third, there are gaps at the application level: Can the code be used to interact with third-party programs unnoticed? #DAST - Dynamic Application Security Testing Loosely translated, DAST means something like "dynamic security test of applications". Specifically, a scanner connects to the application in question and simulates external attacks while it is running. Hence the term "dynamic" comes from. Since the application is attacked from the outside, DAST is a black-box process. The code itself is invisible to the testing software. #IAST - Interactive Application Security Testing IAST uses software tools to evaluate application performance and identify vulnerabilities. IAST takes an "agent-like" approach; The agents and sensors run to continuously analyze application functions during automated tests, manual tests, or a mixture of both. The process and feedback occur in real-time in the IDE, Continuous Integration (CI) environment or quality assurance or during production. The sensors have access to: + Complete source code + Data and control flow + System configuration data + Web components + Backend connection data #RASP - Runtime Application Self Protection RASP is about the approach to secure the application from within. The backup takes place at runtime and generally consists of looking for suspicious commands when they are executed. With the RASP approach, you can examine the entire context of the application on the production machine and in real-time. Here all commands that are processed are examined for possible attack patterns. Therefore, this procedure aims to identify existing security gaps and attack patterns and those that are not yet known. Have fun with the video Cheers Sven



SHARE TO YOUR FRIENDS


Download Server 1


DOWNLOAD MP4

Download Server 2


DOWNLOAD MP4

Alternative Download :