ABSTRACT

Typical software development testing occurs in multiple iterative phases, with the completion of one signaling the beginning of the next. Unit testing helps prevent defects from finding their way into the larger testing phases. Manual reviews have proven their value repeatedly when it comes to accuracy and quality; they also help identify logic vulnerabilities that automated static code analyzers typically cannot detect. Static application security testing (SAST) supports the secure development of programs in an organization by finding and listing the potential security bugs in the code base, and it is one of the most powerful processes for implementing a shift-left model. Using SAST tools and building a process around them to help ensure compliance with organizational requirements for software security, while working hand in hand with Scrum teams across the enterprise, is extremely challenging and time consuming.