AST
[NOTE] Updated July 28, 2018. This article may have outdated content or subject matter.
AST
AST: Application Security Testing, static application security testing: direct white-box analysis of the application's source code.
SAST
SAST: Static Application Security Testing
Tools: SonarQube, Trivy.
DAST
DAST: Dynamic Application Security Testing: black-box analysis of the application.
Tools: AppScan, AWVS, OWASP ZAP, Arachni.
IAST
IAST: Interactive Application Security Testing: combines the advantages of SAST and DAST.
SCA
SCA: Software bill-of-materials: security scanning of open-source components.
Tools: BlackDuck.
Author Canux
LastMod 28077-04-04T78:16:549