
Protecting Your Custom Software-Security Scanning and Runtime

Sep 23, 2022 | 12 min | Ep. 352

Episode description

This podcast reviews the various categories of vulnerability tools that should be used against custom software web applications and describes a couple of the vendors in each space. The types of scanners covered include Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST), along with hiring a company to perform penetration tests.

Questions that Corey will ask the speaker:

• What is the state of web application vulnerability testing tools today?
• If you are on a tight budget, where would you consider using open source solutions over vendor offerings?
• Is there a scanning category where you would not compromise, and absolutely would use a vendor solution? If so, why?
• What are some of the limitations that people should be aware of when using various vendor scanning tools?
• How has deploying web applications in a cloud infrastructure changed web application scanning?

Moderator: Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National Laboratories

Speaker: Atahan Bozdag - Director of Information Security, MedeAnalytics

Recorded on 09-23-2022
