E Com Security Solutions - Six Best Practices For Security Testing in The SDLC
Author: Pavankumar Bolisetty
3) Static Analysis
Static analysis inspects code at rest without executing the program. It allows developers to perform a
thorough inspection of every aspect of the software's source code, in order to identify any flaws or
backdoors that would make your application vulnerable to attack.
Static analysis tools, which read through your software code, can be programmed to look for clues that
point to vulnerabilities that your developers may not have identified during code reviews.
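As an added illustration (not code from the original document or from E Com Security Solutions), the scanner below shows what "reading through the code for clues" looks like in practice: it parses a constructed Python module with the standard `ast` library and flags three rule classes without ever executing the module. The sample source, the rule names and the `Finding` record are all assumptions made for this example.

```python
import ast
from dataclasses import dataclass

# Constructed sample module standing in for application code under review.
SAMPLE_SOURCE = '''
import os
import subprocess
import pickle

API_KEY = "sk-live-EXAMPLEPLACEHOLDER"

def run(cmd):
    return subprocess.call(cmd, shell=True)

def load(blob):
    return pickle.loads(blob)

def compute(expr):
    return eval(expr)

def safe_list():
    return subprocess.run(["ls", "-l"], capture_output=True)
'''


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


# Calls that deserve a reviewer's attention whenever they touch untrusted input.
DANGEROUS_CALLS = {
    "eval": "use of eval()",
    "exec": "use of exec()",
    "pickle.loads": "deserialization with pickle.loads()",
}
SHELL_CAPABLE = ("subprocess.call", "subprocess.run", "subprocess.Popen", "os.system")
SECRET_NAME_HINTS = ("KEY", "SECRET", "PASSWORD", "TOKEN")


def _call_name(node: ast.Call):
    """Rebuild a dotted callee name such as 'subprocess.call' from a Call node."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None  # dynamic callee (e.g. result of another call): not resolvable statically


class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            self.findings.append(Finding(node.lineno, "dangerous-call", DANGEROUS_CALLS[name]))
        if name in SHELL_CAPABLE:
            # shell=True hands the command line to a shell, so any attacker-controlled
            # text in the argument becomes a command injection vector.
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding(node.lineno, "shell-true", f"{name} with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node):
        # A string literal assigned to a secret-looking name is a hard-coded credential.
        for target in node.targets:
            if isinstance(target, ast.Name) and any(h in target.id.upper() for h in SECRET_NAME_HINTS):
                if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
                    self.findings.append(
                        Finding(node.lineno, "hardcoded-secret", f"string literal assigned to {target.id}")
                    )
        self.generic_visit(node)


def scan_source(source: str):
    """Parse source text and return findings ordered by line number."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```

Note that `safe_list()` is not reported: the argument list form of `subprocess.run` without `shell=True` does not satisfy the rule, which is the kind of distinction a rule-based tool can make precisely because it reasons over syntax rather than over what the code happens to do at runtime.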
4) Dynamic Analysis
Dynamic analysis is the natural follow-on from static analysis. Dynamic testing is performed in a runtime
environment, with security analysis carried out while the application is in operation. Dynamic analysis
can reveal vulnerabilities and flaws that may be too subtle or complicated for static analysis to pick up
on. Dynamic testing tools can uncover hidden problems like memory manipulation or file access that
don't appear in plain view in the application's API.
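To make the runtime side concrete, here is an added example (not from the original document) of the simplest form of dynamic analysis: observing what a function actually does while it runs. It uses Python's built-in `sys.addaudithook` (Python 3.8 or later), which the interpreter calls for events such as `"open"` and `"subprocess.Popen"`, to record file accesses made by a constructed `format_report` function whose signature looks like a pure formatter but whose body also writes a cache file. The `monitor` helper and `hidden_file_writes` are assumptions made for this example.

```python
import os
import sys
import tempfile
from contextlib import contextmanager

# Events captured during a monitored run: (event, path_or_executable, mode).
_recorded = []
_active = False


def _audit_hook(event, args):
    # Audit hooks are process-global and cannot be removed, so gate on a flag.
    if not _active:
        return
    if event == "open":
        # args are (path, mode, flags); mode may be None when the interpreter
        # opens a file internally, and path may be a descriptor or bytes.
        path = args[0] if isinstance(args[0], str) else repr(args[0])
        mode = args[1] if isinstance(args[1], str) else ""
        _recorded.append(("open", path, mode))
    elif event == "subprocess.Popen":
        # args are (executable, args, cwd, env).
        _recorded.append(("subprocess.Popen", repr(args[0]), ""))


sys.addaudithook(_audit_hook)


@contextmanager
def monitor():
    """Record audit events for the duration of the with-block."""
    global _active
    _recorded.clear()
    _active = True
    try:
        yield _recorded
    finally:
        _active = False


def format_report(data: dict) -> str:
    """Constructed sample under test: the API suggests a pure formatter, but the
    body also persists a copy to a cache file. Nothing in the signature reveals that."""
    text = "\n".join(f"{k}={v}" for k, v in sorted(data.items()))
    cache_path = os.path.join(tempfile.gettempdir(), "report_cache.txt")
    with open(cache_path, "w", encoding="utf-8") as fh:
        fh.write(text)
    return text


def hidden_file_writes(func, *args):
    """Run func under the audit hook and return the distinct paths it opened for writing."""
    with monitor() as events:
        func(*args)
    seen, paths = set(), []
    for event, path, mode in events:
        if event == "open" and "w" in mode and path not in seen:
            seen.add(path)
            paths.append(path)
    return paths


if __name__ == "__main__":
    for p in hidden_file_writes(format_report, {"host": "example", "status": "ok"}):
        print("wrote:", p)
```

The same hook sees `subprocess.Popen` events, so the approach generalises to spotting unexpected process spawning. Because it observes real execution, it only reports paths reached by the inputs you exercise, which is why dynamic analysis complements rather than replaces the static pass above.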