From the course: Building an Application Security Program

Static code analysis (SCA)

- [Instructor] Now, let's talk about software composition analysis, or SCA. SCA is a tool that is used by security teams to help identify open-source software in an application. It has a couple of functions. It lists the vulnerabilities that are known for each of the open-source components or libraries that are found. It also lists the license type for each of the libraries. The license type is something that not everybody thinks about when performing security testing, but this is important from a privacy perspective. The type of license that an open-source component uses can affect how you distribute the application and what rights you have to include when releasing your software. SCA is important, especially in today's world of supply chain attacks. Open source is used in almost every single application that is developed. Rather than writing the same code over and over, developers like to reuse code, and open source…
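The two SCA functions the instructor describes, matching each discovered component against known advisories and reporting its license, reduce to a small pipeline: inventory the dependencies, look each one up in an advisory feed by affected version range, and flag licenses that need legal review. The script below is an added example written for this page, not course material or any vendor's tool. It uses a constructed requirements.txt-style manifest, a constructed advisory table with placeholder identifiers (`EXAMPLE-ADV-0001` and so on, not real advisories), and a constructed license table; a real SCA tool would query a feed such as OSV or the NVD instead of an inline dictionary, and would resolve transitive dependencies from a lockfile rather than only direct pins.

```python
"""Minimal software composition analysis (SCA) check.

Added example, not from the course. All inputs are constructed inline:
a requirements.txt-style manifest, a tiny advisory table and a license
table. Package names, versions and advisory IDs are placeholders.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed manifest (requirements.txt style); names and versions are made up.
MANIFEST = """\
# application dependencies
webframe==2.3.1
imgtool==1.0.4
fastjson==4.2.0  # pinned
loglib>=1.1
"""

# Constructed advisory table: component -> [(advisory id, introduced, fixed)].
# Ranges are half-open [introduced, fixed) as in OSV-style feeds; ids are placeholders.
ADVISORIES = {
    "imgtool": [("EXAMPLE-ADV-0001", "1.0.0", "1.0.5")],
    "fastjson": [("EXAMPLE-ADV-0002", "4.0.0", "4.1.3"),
                 ("EXAMPLE-ADV-0003", "4.2.0", "4.2.2")],
}

# Constructed license table keyed by component, using SPDX identifiers.
LICENSES = {
    "webframe": "MIT",
    "imgtool": "Apache-2.0",
    "fastjson": "GPL-3.0-only",
    "loglib": "BSD-3-Clause",
}
# Strong-copyleft licenses are flagged for distribution review, as the transcript notes.
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|>|<)\s*([0-9][0-9.]*)")


@dataclass
class Finding:
    component: str
    version: str | None          # None when the manifest gives a range, not a pin
    advisories: list[str]
    license_id: str | None
    license_review: bool
    unpinned: bool


def parse_version(v: str) -> tuple[int, ...]:
    """Dotted numeric version to a comparable tuple (no pre-release handling)."""
    return tuple(int(p) for p in v.split("."))


def parse_manifest(text: str) -> list[tuple[str, str | None]]:
    """Return (name, pinned_version_or_None) for each dependency line."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = PIN_RE.match(line)
        if not m:
            continue
        name, op, ver = m.groups()
        deps.append((name.lower(), ver if op == "==" else None))
    return deps


def affected(version: str, introduced: str, fixed: str) -> bool:
    """True when version lies in [introduced, fixed)."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def analyze(manifest: str) -> list[Finding]:
    """Inventory the manifest and enrich each component with advisories and license."""
    findings = []
    for name, ver in parse_manifest(manifest):
        advs = []
        if ver is not None:   # an unpinned range cannot be matched to a concrete advisory
            advs = [aid for aid, intro, fix in ADVISORIES.get(name, [])
                    if affected(ver, intro, fix)]
        lic = LICENSES.get(name)
        findings.append(Finding(name, ver, advs, lic, lic in COPYLEFT, ver is None))
    return findings


def report(findings: list[Finding]) -> list[str]:
    """One human-readable line per component."""
    lines = []
    for f in findings:
        flags = []
        if f.unpinned:
            flags.append("UNPINNED: pin the version so advisories can be matched")
        flags += [f"VULNERABLE: {a}" for a in f.advisories]
        if f.license_review:
            flags.append(f"LICENSE-REVIEW: {f.license_id}")
        lines.append(f"{f.component} {f.version or '(range)'} "
                     f"[{f.license_id or 'unknown'}] {'; '.join(flags) or 'ok'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(analyze(MANIFEST))))
```

Running it on the constructed manifest reports `imgtool` as vulnerable (1.0.4 falls in the first advisory's range), `fastjson` as both vulnerable (4.2.0 falls in the second advisory's range but not the first, which was fixed in 4.1.3) and needing license review because it is GPL-3.0-only, and `loglib` as unpinned, the practical reason SCA tools want lockfiles: a range such as `>=1.1` cannot be compared against an advisory's affected versions.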
