Shift-left security testing

Security Testing

As with what we expect also from other types of testing (unit, integration, performance), shifting left security testing helps in reducing costs by identifying risks early in the development process. Indeed, finding vulnerabilites in production is more expensive than identifying and fixing them before application deployment.

Some security testing can be performed through methods like:

  • SCA: Static Code Analysis
  • DAST: Dynamic Application Security Testing
  • Penetration testing


Snyk is a tool that performs SCA and Stackhawk is another tool that can do DAST.