<h1>Security Testing</h1>
<p>As with what we expect also from other types of testing (unit, integration, performance), shifting left security testing helps in reducing costs by identifying risks early in the development process. Indeed, finding vulnerabilites in production is more expensive than identifying and fixing them before application deployment.</p>
<p>Some security testing can be performed through methods like:</p>
<ul>
<li>SCA: Static Code Analysis</li>
<li>DAST: Dynamic Application Security Testing</li>
<li>Penetration testing</li>
</ul>
<p><img src="https://user-images.githubusercontent.com/1062699/147394055-86144b6c-8e37-46e1-8491-0db88dfdc373.png" alt="image"></p>
<p><a href="https://snyk.io/">Snyk</a> is a tool that performs SCA and <a href="https://www.stackhawk.com/">Stackhawk</a> is another tool that can do DAST.</p>
<h1>Resources</h1>
<ul>
<li><a href="https://snyk.io/learn/shift-left-testing/">Shift-left</a> security testing</li>
<li><a href="https://www.zaproxy.org/">OWASP ZAP</a></li>
<li><a href="https://www.stackhawk.com/blog/zap-vs-stackhawk-comparison/">Comparison</a> between ZAP and Stackhawk</li>
<li><a href="https://docs.snyk.io/features/snyk-cli/install-the-snyk-cli">Snyk CLI</a> installation</li>
<li><a href="https://linuxfoundation.org/webinars/shifting-application-security-left/">Shift-left security webinar</a></li>
</ul>


Pascal

Shift-left security testing

Security Testing

Resources