Author: Vanessa Padua, Cybersecurity Executive – Director, Microsoft
Application security is defined as the process of making web and mobile-based applications secure and impervious to external and internal attacks. This process involves multiple rounds of scanning, identification, analysis, fixing, and enhancement, carried out using SAST and DAST methodologies. This manuscript briefly covers how static and dynamic application security testing work, along with secure code review, which forms the main technical and functional basis for SAST. It also discusses the benefits and limitations of these methodologies, as well as the OWASP checklist and risk rating procedures that security engineers and application testers use to develop or target web and mobile applications and improve their security against malicious attacks.