Below are types of security tests:
1. Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST)
DAST requires running the app then manipulate it to find flaws which the hacker could exploit whereas SAST doesn’t require executing the app to test. SAST just analyzes the source and finds its weaknesses such as SQL injection and others listed in OWASP top 10. It is a better approach to do both DAST and SAST.
2. Penetration Test (Pen Test)
-ethical hacking is the other term for Pen Test. It can be done manually or tested automatically with software applications. Just like the process of hacking, the pen tester will gather the information about the system before the test, identify possible entry points, attempt to break in then report what the tester finds.
3. Runtime Application Self Protection (RASP)
-a technology that automatically executes when the app runs. It detects attacks in real-time. It analyzes the app’s behavior or the entered input then if the RASP finds it malicious, it will block or stop the attempted attack without human intervention. For instance, if the hacker tries to do an SQL injection attack, the RASP will stop the execution of that malicious instructions.
Thus, applying the above Web application security tests guarantee that the app or site remains secure and would make people live happily ever after.







