•Source Code Review/Static Application Security Testing (SAST)
•Tools: HP Fortify, AppScan, Checkmarx, Open Bugs, Brakeman
•Dynamic Code Review/Dynamic Application Scanning
•Tools: ZAP, Burp Suite, Vega, Nikto, AppScan, AppSpider, etc.
•Network and Host Scanning/Assessment
•Tools: Nmap, Nessus, OpenVAS, Qualys, etc.
•Credentialed Scan: Provide administrative user-level credentials for the host being scanned to the scanner.
•Non-Credentialed Scan: No credentials are provided to the scanner.
•Compliance Scan: Scan the host or network against popular baselines (STIGs, CIS Benchmarks, etc.)