You are in the process of selecting the right application security testing solution for your organization. Everybody agrees it should be part of the SDLC and ultimately used by developers, testers or DevOps. Maybe it’s the first time you are introducing application security into the SDLC, or you have tried before and now wish to improve, realizing there is a tool out there much better suited to your needs.
Last Thursday, JPMorgan issued a warning to 465,000 holders of prepaid cash cards that their personal information may have been accessed by hackers who attacked the JPMorgan network in July. JPMorgan detected the breach only two months later, in the middle of September.
At first glance, there was nothing exceptionally interesting about this piece of news. We have heard news of such data leaks constantly over the last few years. Behind each of these lies a fundamental failure to protect user data and a disregard for basic security best practices. However, this was not the case here. According to the reports provided by JPMorgan, they actually did everything right. All sensitive user content was encrypted in their database and all standard protection measures were in place. So what went wrong?
Until recently, SAST/DAST dominated the application security testing market, each with its own pros and cons. We present IAST, a completely new approach that analyzes code execution, memory and data at runtime, allowing for accurate inspection of the application.
In a talk that examines technological concepts rather than specific products, IAST will be compared with the SAST/DAST approaches that have dominated the application security testing market. The talk presents the standard IAST building blocks and shows advanced IAST data analysis capabilities, including practical samples and code.