Security testing: Difference between revisions

Reverted 1 edit by Dwardoh (talk) to last revision by Walter Görlitz (TW)
Security Tools
* '''Security Audit''' - Driven by an Audit / Risk function to look at a specific control or compliance issue. Characterized by a narrow scope, this type of engagement could make use of any of the earlier approaches discussed ([[Vulnerability assessment (computing)|vulnerability assessment]], security assessment, penetration test).
* '''Security Review''' - Verification that industry or internal security standards have been applied to system components or products. This is typically completed through gap analysis and relies on build / code reviews or on reviewing design documents and architecture diagrams. This activity does not use any of the earlier approaches (Vulnerability Assessment, Security Assessment, Penetration Test, Security Audit).
 
==Security Tools==
* CSA - Container and Infrastructure Security Analysis
* [[Dynamic application security testing|DAST]] - [[Dynamic Application Security Testing]]
* [[Data loss prevention software|DLP]] - [[Data Loss Prevention]]
* IAST - Interactive Application Security Testing
* [[Intrusion detection system|IDS]]/IPS - [[Intrusion Detection]] and/or Intrusion Prevention
* OSS - Open Source Software Scanning
* RASP - Runtime Application Self Protection
* SAST - Static Application Security Testing
* SCA - Software Composition Analysis
* WAF - Web Application Firewall
==See also==