Badges
120 Points
Top 5
User Activity
About 1 month ago
Answered a question SAST vs. DAST: Which is better for application security testing?
The easiest way to remember the role of each:
SCA & SAST = Am I Vulnerable
DAST & IAST = Am I Exploitable (In some cases together, they complement SAST)
RASP & WAF = Can I Protect Myself (Fixing the code is the primary option)
About 1 month ago
Answered a question When evaluating Static Code Analysis Software, what aspect do you think is the most important to look for?
Choosing the right static analysis software requires multiple components:
1. What are my business requirements and do I have champion BUs?
2. What does your application portfolio look like (Lang. developed, Lines of Code, etc.) and do we have a complete application inventory…
About 2 months ago
Answered a question What alternatives are there for Fortify WebInspect and Fortify SCA?
Rendra,
You need to ask yourself a few questions:
1. Do I know the technology stack (languages) that needs to be supported?
2. Do I have access to the Source Code, just Binaries OR Both?
3. Do I need to support SCA (FOSS)?
4. Do I need a unified Dashboard for reporting…
About 2 months ago
Replied to Oscar Van Der Meer What alternatives are there for Fortify WebInspect and Fortify SCA?
@Oscar Van Der Meer Fortify SCA (Static Code Analyzer) was around way before SCA (Software Composition Analysis). There are various integrations with Software Composition Analysis (Sonatype, BlackDuck, Snyk, WhiteSource, and OWASP Dependency Checker & Track). The reason…
Answers
About 1 month ago
Application Security
About 1 month ago
Static Code Analysis
About 2 months ago
Software Composition Analysis (SCA)
Interesting Projects and Accomplishments
About 2 months ago