How Do You Prioritize Application Security Tools?

MergeBase is developing resources to help DevSecOps teams handle the problem of prioritizing application security tools as they build out their tech stacks. Please take the following 2-minute survey to share your thoughts on prioritizing application security tools.

(Feel free to share this survey with your colleagues—the more responses, the more useful the results will be!)

In a perfect world, every application would launch with flawless original code built on flawless third-party libraries—but that’s not the world we live in. Instead, DevSecOps teams rely on tools to detect vulnerabilities in their original, licensed, and open-source code. These tools include:

  • Static Application Security Testing (SAST), which analyzes your source code (or compiled binaries) without running it, so it can flag vulnerabilities before the code goes live.

  • Dynamic Application Security Testing (DAST), which probes the running application from the outside, the way an attacker would, and reports the vulnerabilities it can actually trigger.

  • Software Composition Analysis (SCA), which inventories the open-source components your application depends on and matches them against known vulnerabilities (and, usually, license obligations).

  • Runtime Application Self-Protection (RASP), which runs inside the application at runtime, monitors how it is being used, and detects and blocks attacks in real time.

  • Interactive Application Security Testing (IAST), which instruments the application while it is being exercised by functional or automated tests and reports vulnerabilities in the code paths those tests actually reach.

It’s rarely practical for DevSecOps teams to have all five of these tools implemented at launch. So which tools should take priority?
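To make the distinction between these categories concrete, here is an added example (not MergeBase's product and not code from this page) of the core step an SCA tool performs: read the third-party components an application declares, then match each pinned version against known-vulnerable version ranges. The requirements file, the advisory list and its EXAMPLE-* identifiers are constructed for the demo; a real tool would pull advisories from a vulnerability database and resolve transitive dependencies as well.

```python
"""
Minimal SCA-style check: match declared third-party components against
known-vulnerable version ranges. Added example for illustration only;
the requirements text and the advisory list below are constructed.
"""
import re

# Constructed lockfile content (pinned versions, pip requirements.txt style).
REQUIREMENTS = """\
# constructed sample; not a real project
requests==2.19.1
pyyaml==5.1
jinja2==2.11.3
"""

# Constructed advisory data: (package, first vulnerable, first fixed, id).
# The EXAMPLE-* identifiers are placeholders, not real advisory IDs.
ADVISORIES = [
    ("requests", "2.0.0", "2.20.0", "EXAMPLE-0001"),
    ("pyyaml", "0.0.0", "5.4.0", "EXAMPLE-0002"),
    ("jinja2", "0.0.0", "2.11.3", "EXAMPLE-0003"),
]


def parse_version(s):
    """Turn '2.19.1' into (2, 19, 1); non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", s))


def parse_requirements(text):
    """Return {name: version} for pinned (==) requirements, skipping comments."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)$", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps


def find_vulnerable(deps, advisories=ADVISORIES):
    """Return [(name, version, advisory_id)] for deps inside a vulnerable range.

    A range is [introduced, fixed): the fixed version itself is not affected,
    which is why jinja2==2.11.3 below is reported as clean.
    """
    hits = []
    for name, introduced, fixed, adv_id in advisories:
        if name in deps:
            v = parse_version(deps[name])
            if parse_version(introduced) <= v < parse_version(fixed):
                hits.append((name, deps[name], adv_id))
    return hits


if __name__ == "__main__":
    for name, version, adv_id in find_vulnerable(parse_requirements(REQUIREMENTS)):
        print(f"{name}=={version} is affected by {adv_id}")
```

The important detail is the half-open range check: the first fixed version must not be flagged, or the tool will report false positives on every project that has already upgraded, which is exactly the kind of noise that makes teams distrust a scanner.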


The survey asks the following questions:

How many years have you worked in application development?

Does your role include responsibilities for application security?

Which of the following application security tools have you worked with?

Which of the following application security tools does your company currently use?

How difficult do you believe it is to prioritize application security testing tools for your application development? (1 = Not difficult at all; 5 = Extremely difficult)

What are the most important factors to consider when prioritizing application security testing tools? Rank the following factors from (1) most important to (7) least important:

  • Price

  • Ease of technical implementation

  • Ease of use

  • Learning curve

  • Expected additional dev time required

  • Expected threats detected

  • Expected maintenance requirements

How do you prioritize security for your original, licensed, and open-source code? Rank the following from (1) most important to secure to (3) least important to secure:

  • Your original code

  • Code licensed from third parties

  • Open-source code

In your opinion, how should application security tools be prioritized in order to ensure a secure application and a productive development team? Rank these categories of tools from (1) highest priority to (5) lowest priority:

  • SAST (finds vulnerabilities in your original at-rest code)

  • DAST (finds vulnerabilities in your running application)

  • SCA (finds vulnerabilities in your open-source code)

  • RASP (detects and blocks malicious behavior in real time)

  • IAST (finds vulnerabilities in target functions during testing)

This form was created inside of MergeBase Software Inc.