Security testing is the process of evaluating a web application's defences against potential threats. It encompasses a range of techniques and tools designed to discover vulnerabilities before attackers do. A robust security testing programme combines automated scanning with manual testing throughout the software development lifecycle.
| Type | Acronym | Description | When to Use |
|---|---|---|---|
| Static Application Security Testing | SAST | Analyses source code without executing it | During development (in IDE, CI/CD) |
| Dynamic Application Security Testing | DAST | Tests the running application from the outside | Against staging/production environments |
| Interactive Application Security Testing | IAST | Combines SAST and DAST using instrumented code | During integration and QA testing |
| Software Composition Analysis | SCA | Identifies known vulnerabilities in third-party dependencies | Continuous — integrated into CI/CD |
| Penetration Testing | Pentest | Simulated attack by skilled testers | Periodically (quarterly, annually) |
| Bug Bounty | — | External researchers find and report vulnerabilities | Ongoing |
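To make the SAST row in the table concrete, here is a small static checker written for this page as an added example; it is not code from the lesson or from any SAST product. It parses Python source with the standard `ast` module and flags three well-known dangerous sinks. The rule names, the `Finding` type and the `SAMPLE` module it scans are all constructed for illustration; real SAST tools ship hundreds of rules and add data-flow tracking so they can tell user-controlled input apart from constants, which this checker does not attempt.

```python
"""Minimal SAST-style checker (added example, not part of the lesson).

Walks a Python module's AST and reports a few classic dangerous sinks:
  - eval() / exec() calls
  - subprocess.* calls with shell=True
  - yaml.load() without an explicit Loader
The rule set is deliberately tiny and is an illustrative assumption.
"""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str      # short rule identifier (constructed names)
    line: int      # 1-based line number in the scanned source
    message: str   # human-readable explanation for the developer


def _call_name(node: ast.Call) -> str:
    """Return a dotted callee name such as 'subprocess.run' or 'eval'."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _has_keyword(node: ast.Call, name: str, value) -> bool:
    """True if the call passes keyword `name` as the literal constant `value`."""
    return any(
        kw.arg == name and isinstance(kw.value, ast.Constant) and kw.value.value is value
        for kw in node.keywords
    )


def scan_source(source: str, filename: str = "<input>") -> list[Finding]:
    """Parse `source` and return findings sorted by line number."""
    findings: list[Finding] = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in ("eval", "exec"):
            findings.append(Finding(
                "dangerous-eval", node.lineno,
                f"{name}() executes arbitrary code; avoid it on untrusted input"))
        elif name.startswith("subprocess.") and _has_keyword(node, "shell", True):
            findings.append(Finding(
                "subprocess-shell", node.lineno,
                f"{name}(shell=True) allows command injection if any argument is user-controlled"))
        elif name == "yaml.load":
            # PyYAML takes the loader either as the second positional arg or as Loader=
            has_loader = len(node.args) >= 2 or any(kw.arg == "Loader" for kw in node.keywords)
            if not has_loader:
                findings.append(Finding(
                    "unsafe-yaml-load", node.lineno,
                    "yaml.load() without an explicit safe Loader can instantiate arbitrary objects"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample module to scan; the line comments show the expected hits.
SAMPLE = '''\
import subprocess, yaml

def run(cmd):
    return subprocess.run(cmd, shell=True)      # line 4: flagged

def safe_run(argv):
    return subprocess.run(argv)                 # line 7: not flagged

def load(doc):
    return yaml.load(doc)                       # line 10: flagged

def calc(expr):
    return eval(expr)                           # line 13: flagged
'''


if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.py"):
        print(f"sample.py:{f.line}: [{f.rule}] {f.message}")
```

Run as a script it prints three findings for `sample.py` (lines 4, 10 and 13) and stays silent on the safe `subprocess.run(argv)` call. In a CI/CD pipeline the same function would be pointed at every changed file and a non-empty result would fail the build, which is the "during development" usage the table describes for SAST.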