From the course: DevSecOps in Action: Securing and Governing Multicloud Infrastructures
Run multicloud static application security testing (SAST)
- [Instructor] In multicloud apps, the risks aren't uniform. The same team can ship an Azure-hosted backend that's only accessible privately, and an AWS frontend that's internet-facing but behind a web application firewall. Static application security testing, or SAST, rollouts often lack this cloud context and target the entire organization evenly. However, different clouds can have different exposure levels. For example, if a company policy states that all Azure deployments have to be internal and within the virtual network, this limits the impact of certain vulnerability types. Similarly, a legacy front-end application could be deployed in AWS but be secured behind a web application firewall. This allows the team more leeway in terms of securing this delicate code. Additionally, multicloud apps are often in a monorepo to ease rollouts. All this means that one-size-fits-all SAST can't work. Let's see how we can…