Security Tools
Security tools identify weaknesses in an application by analyzing its source code or its behavior at runtime. They are effective at finding certain types of vulnerabilities but are not well suited to others, because there is a class of application weaknesses that a security tool cannot adequately test. They nonetheless form part of an effective security testing strategy when combined with a focused manual testing practice. SD Elements can help teams achieve this strategy by identifying which security requirements are not covered by a scanning tool and which ones require further manual testing.
SD Elements integrates with two types of scanning tools:
- Static analysis: Tools that scan application code for vulnerabilities, such as Veracode (static analysis) and HP Fortify.
- Dynamic analysis: Tools that scan application runtime for vulnerabilities, such as Veracode (dynamic testing) and HP WebInspect.