Popular SAST, DAST and RASP Tools for DevSecOps

Static Application Security Testing (SAST)

  • OWASP SonarQube for Code Scanning

Dynamic Application Security Testing (DAST)

  • Fortify Webinspect for Dynamic Application Security Testing (DAST)
  • AppScan on Cloud

Runtime Application Self-Protection (RASP)

  • Twistlock – Understanding and implementing security aspects of Docker
  • Notary – Understanding and implementing security aspects of Kubernetes
  • NewRelic – Understanding and implementing security aspects of the Java Virtual Machine
  • AWS Security service – Understanding and implementing security aspects of the AWS cloud
  • Chef InSpec – For scanning your applications and infrastructure
  • ELK – For log analysis related to security threats
  • HashiCorp Vault – Security tool for certificates, API keys, or passwords
  • Fortify Application Defender – For Runtime Application Security Testing (RAST)
Rajesh Kumar