Application Security
9. Security Testing Methodologies
  9.1. Static Application Security Testing
    9.1.1. SAST Fundamentals
      9.1.1.1. Source Code Analysis
      9.1.1.2. Bytecode Analysis
      9.1.1.3. Binary Analysis
    9.1.2. SAST Tool Categories
      9.1.2.1. Commercial Tools
      9.1.2.2. Open Source Tools
      9.1.2.3. IDE Integrations
    9.1.3. SAST Implementation
      9.1.3.1. CI/CD Integration
      9.1.3.2. Build Pipeline Integration
      9.1.3.3. Developer Workflow Integration
    9.1.4. SAST Results Management
      9.1.4.1. False Positive Handling
      9.1.4.2. Result Prioritization
      9.1.4.3. Remediation Tracking
  9.2. Dynamic Application Security Testing
    9.2.1. DAST Fundamentals
      9.2.1.1. Black-Box Testing Approach
      9.2.1.2. Runtime Vulnerability Detection
      9.2.1.3. Attack Simulation
    9.2.2. DAST Tool Types
      9.2.2.1. Web Application Scanners
      9.2.2.2. API Security Scanners
      9.2.2.3. Mobile Application Scanners
    9.2.3. DAST Implementation
      9.2.3.1. Test Environment Setup
      9.2.3.2. Authentication Configuration
      9.2.3.3. Scan Scheduling
    9.2.4. DAST Coverage Optimization
      9.2.4.1. Crawling Strategies
      9.2.4.2. Input Discovery
      9.2.4.3. Test Case Generation
  9.3. Interactive Application Security Testing
    9.3.1. IAST Technology
      9.3.1.1. Runtime Instrumentation
      9.3.1.2. Code Coverage Analysis
      9.3.1.3. Real-Time Feedback
    9.3.2. IAST Deployment
      9.3.2.1. Agent Installation
      9.3.2.2. Performance Considerations
      9.3.2.3. Environment Requirements
    9.3.3. IAST Benefits
      9.3.3.1. Reduced False Positives
      9.3.3.2. Contextual Analysis
      9.3.3.3. Continuous Testing
  9.4. Manual Security Testing
    9.4.1. Security Code Review
      9.4.1.1. Review Methodologies
      9.4.1.2. Focus Areas
      9.4.1.3. Review Tools
    9.4.2. Penetration Testing
      9.4.2.1. Test Planning
      9.4.2.2. Reconnaissance
      9.4.2.3. Vulnerability Exploitation
      9.4.2.4. Post-Exploitation
      9.4.2.5. Reporting
    9.4.3. Security Architecture Review
      9.4.3.1. Design Analysis
      9.4.3.2. Threat Model Validation
      9.4.3.3. Control Assessment
  9.5. Specialized Testing Techniques
    9.5.1. Fuzz Testing
      9.5.1.1. Fuzzing Strategies
      9.5.1.2. Input Generation
      9.5.1.3. Crash Analysis
    9.5.2. API Security Testing
      9.5.2.1. REST API Testing
      9.5.2.2. GraphQL Testing
      9.5.2.3. SOAP API Testing
    9.5.3. Mobile Application Testing
      9.5.3.1. Static Analysis for Mobile
      9.5.3.2. Dynamic Analysis for Mobile
      9.5.3.3. Runtime Application Testing