Application Security Questions
Evgeny Belenky
IT Central Station
Aug 05 2021

Hi peers,

What are the OWASP Top 10 this year? 

What single web app security tool (or a minimum set of tools) would you recommend for overall web app protection (from the most critical security risks covered by these Top 10)?

Andrew Van Der Stock: We are due to release the OWASP Top 10 2021 on September 24, 2021. We will be…
Curtis Yanko: I'm not sure the top 10 is changing this year but if it is it will be to squeeze…
Kit Ted
User at h
May 20 2021

I'm currently researching the following two application security tools: Coverity and SonarQube.

Can anyone point out the main differences between these two products?

Thanks for your help!

Rony_Sklar
IT Central Station
Jun 28 2021

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
Dan Doggendorf: The biggest threat is risks you think you have managed are not managed at all so…
Javier Medina: You should build a lab, try the tools and analyze the traffic and behavior with…
Manoj Kumar Kemisetty
Sap Advanced Business Application Programming Consultant at Accenture
Jun 17 2021

Is SonarQube the best tool for static analysis, or are there any good tools that compete with SonarQube?

Peter Arvedlund: I am not very familiar with SonarQube and their solutions, so I can not answer…
Purushothaman K: The static tool we can use is Fortify or IBM Appscan. SonarQube is widely used…
Rama Susarla: SonarQube is one of the widely used and easy-to-use tools. With some easy…
Rony_Sklar
IT Central Station

Many companies wonder about whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?

Dan Doggendorf: SAST and DAST are not mutually exclusive and should be used in conjunction with…
Oscar Van Der Meer: For application security you ideally need SAST, SCA and DAST. You need all three…
Thomas Ryan: The easiest way to remember the role of each: SCA & SAST = Am I Vulnerable…
Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Sep 20 2021

Let the community know what you think. Share your opinions now!

reviewer1434390: I would check the authentication steps required. How does the data storage work…
SimonClark: Most companies have hundreds of apps so it is impractical to ensure every single…