From the course: Application Security in DevSecOps
Continuous static scanning
- [Instructor] Now we'll dive into the practical application of security testing tools and how to integrate them into the DevOps pipeline. We'll cover several key types of application security testing, discussing what they are, how they can be automated, and walking through live demos. We'll start with static security analysis, which has been a foundational application security practice for many years. Static security testing involves analyzing the application source code to identify potential vulnerabilities without executing the code. The key advantages are it's an early shift-left security check in the development lifecycle, and it can catch certain classes of vulnerabilities that are difficult to find through dynamic testing. It's language-specific, so you have to use tools tailored to the languages in the code base. The potential downsides are that some static analysis tools can generate a high volume of false positives, requiring careful tuning and configuration. Maintaining an…
Contents
- Continuous static scanning (7m 7s)
- Continuous dynamic scanning (7m 31s)
- Interactive application security scanning (9m 11s)
- Continuous secret scanning (5m 40s)
- Continuous dependency scanning (4m 55s)
- Continuous container security (6m 12s)
- Continuous infrastructure as code scanning (6m 11s)
- AI application security (6m 6s)
- Continuous application runtime monitoring (5m 37s)