Sources Of Application Security Vulnerabilities
Introduced by external, open-source components
Written into source code by application developers
Insufficient run-time data/error handling
Accidentally writing sensitive data/passwords into code
Implementation on faulty infrastructure
Violating corporate license mandates during development
Discover & Fix Issues By:
Inspecting source code (SAST)
Checking third-party or OSS components (SCA)
Stripping sensitive data out of code (Secrets)
Verifying license compliance (License)
Performing run-time security tests (DAST)
Aligning with a security framework (OWASP)
Must Seamlessly Integrate Application Security Into Your DevOps Process
Open Source Scanners included in Sken for SAST
SAST                App Languages
find-sec-bugs       Java
NodeJScan           NodeJS
brakeman            Ruby
bandit              Python
Gosec               Go
PHPCodeSniffer      PHP
ES Lint             NodeJS
TSLint              TypeScript