How do I select an application security testing solution for my business? - Help Net Security

Software-related issues continue to plague organizations of all sizes, so IT leaders are turning to application security testing tools for help. Since there are many types of programs available on the market, choosing one is not a straightforward process.


To select the perfect application security testing solution for your business, you need to think about an array of details. We’ve talked to several industry professionals to get insight to help you get started.



Leon Juranic, CTO, DefenseCode

Choosing the right application security testing solution for your business can be a daunting task for any organization. On the surface, they all appear to function similarly and provide a list of vulnerabilities as part of the results.


Prospective users need to look beyond the superficial and closely examine a couple of important factors and capabilities of any application security testing solution. Clients should focus on True Positive and False Positive (low noise levels) rates to determine how usable a vendor’s product is in the real world.


Having to spend hours triaging the results to determine if they are real is an expensive overhead for any business and undermines confidence in the results. It also increases the workload of development teams unnecessarily, ultimately even leading to rejection of an AST product.


Secondly, understanding if your workflow can be supported is essential; otherwise, a standalone security product will never be used effectively by development teams. The best approach would be to invest upfront and evaluate a shortlist of vendors to determine if they are a good fit for your business.



Ferruh Mavituna, CEO, Invicti Security

The most important thing is getting real value from your ..