It is a common myth that early testing in the SDLC should be based on SAST and passive IAST tools. This myth has been repeated often by sources that do not follow the developments of web application security and are unaware of the evolution of DAST and true IAST tools. Here is our definite proof that this assumption is wrong.

Early SDLC Testing with Docker, Kubernetes, and Acunetix

Our customer, who has asked to remain anonymous for security reasons, is one of the world’s largest publicly-traded software companies, founded 49 years ago and employing over 100,000 people. It is the world’s top vendor of enterprise software for managing business operations and customer relations. Currently, all products offered by this company are SaaS, and half of them are based on APIs and microservices.

Due to the maturity of the products and the size of the company, their development environment is quite complex. They manage security using an in-house vulnerability management solution while their DevSecOps is based on Jenkins, Docker, Kubernetes, and Jira. They needed reliable, high-quality IAST scans to feed the vulnerability management system and selected Acunetix with AcuSensor for this purpose.

Read the full technical case study to learn how this customer deployed Acunetix and AcuSensor.

Mythbusting with True IAST

As you can see, you don’t need to settle for a high number of false positives in SAST tools or the limited scope and capabilities of passive IAST. You can run high-accuracy, reliable, and comprehensive tests in your SDLC with the powerful DAST and true IAST combo from Acunetix.

If Acunetix can be deployed in such a complex environment and is selected by such a software giant as one of their preferred sources of vulnerability information, it can be implemented by you to scan your web applications and your APIs, too. Contact us for more information and to book an Acunetix demo.

SHARE THIS POST
THE AUTHOR
Tomasz Andrzej Nidecki
Principal Cybersecurity Writer
Tomasz Andrzej Nidecki (also known as tonid) is a Primary Cybersecurity Writer at Invicti, focusing on Acunetix. A journalist, translator, and technical writer with 25 years of IT experience, Tomasz has been the Managing Editor of the hakin9 IT Security magazine in its early years and used to run a major technical blog dedicated to email security.