Specialized web application security tools exist to discover vulnerabilities and misconfigurations, triage them, temporarily mitigate them, and manage the whole testing and fixing process. There are many classes of web security tools that cover different areas of the application lifecycle and different types of security testing. Knowing the intended use and limitations of each class of tools is crucial for building a toolchain that works best for your specific environment.
Here are the most important classes of web application security tools at a glance – see the full index for more:
Dynamic application security testing (DAST)
Dynamic application security testing means testing a running application by performing simulated attacks against it.
Static application security testing (SAST)
Static application security testing means security testing by examining static code, for example, source code, bytecode, or compiled code.
Vulnerability management
Vulnerability management is the process of handling a vulnerability from the moment it is discovered until it is resolved.