SAST has its place, DAST is great at finding the majority of flaws that the bad guys are going to uncover, and IAST offers unique approaches to complex situations. At a minimum, DAST should be your main focus. Step back and consider your application environment, your internal resources and expertise, as well as your budget.
This blog post describes our partnership with the OLX Group that enabled them to use Probely’s API driven security scanner to secure their customer data and facilitate creativity. Probely integrated quickly with their in-house solution Dalek and provided evidence of vulnerabilities with no false positives.
Many companies have internal web applications, accessible only from their corporate network or through a VPN. These are often back-offices, management portals, HR applications, and everything that makes sense only for the company workforce, not for their clients. This also means that cloud services, like Probely, could not scan them for vulnerabilities. Until now.
In this day and age having a functioning and secure Software Development Life Cycle (SDLC) process in place is becoming a key component of a successful organization. And one methodology that is becoming increasingly popular is DevOps. Mainly, because the methodology itself is designed to produce fast and robust software development. In this article, we will focus on how we can incorporate security into CI/CD and turning DevOps into DevSecOps easily and with automation in mind.
