Understanding Code Security Fundamentals

To make code run faster

To prevent security vulnerabilities

To reduce the size of the code

To improve code readability

Using too many variables

Incorrect use of loops

Not validating input sizes

Using global variables

Static Application Security Testing

Secure Application Software Testing

Systematic Application Security Testing

Software Application Security Testing

It analyses code without executing it

It requires access to source code

It tests applications in a running state

It is only applicable to web applications

To identify outdated software

To detect open source components and their vulnerabilities

To improve software performance

To enhance user interface design

Hardcoding passwords in the source code

Using prepared statements for database queries

Disabling all security features for testing

Ignoring compiler warnings

An attack that fills up the server's memory

An attack that exploits a program's memory allocation

An attack that targets network bandwidth

An attack that corrupts database entries

Burp Suite

SonarQube

Wireshark

Metasploit

DAST is faster than SAST

DAST can find runtime vulnerabilities

DAST is cheaper than SAST

DAST requires less expertise

Identifying license compliance issues

Detecting vulnerabilities in open source components

Improving code execution speed

Providing a bill of materials for software components