~

~/Security

~/Security/Appsec

---

• Dynamic Code Analysis
• Main Advantages
• Main Disadvantages
• Software Testing
• Automate Dynamic Analysis
  • Incorporate it into your project
  • Incorporate it into CI/CD

---

Dynamic Code Analysis

Dynamic code analysis involves running code and examining the outcome, which also entails testing possible execution paths of the code.

Main Advantages

• providing visibility of issues before code hits production
• actually runs the code, so can provide time-for-execution, resource usage, log errors occuring during testing, and report vulnerabilities that may have been found during the testing process

Main Disadvantages

• if the code doesn’t run, it isn’t tested. Checking for dead code can be done with various Static Analysis tools
• poor rules lead to poor results. analysis is only as good as the rules, and often the “automation” is taken for granted, making it completely pointless

Software Testing

Automate Dynamic Analysis

Incorporate it into your project

Use automated testing to check integrations, interfaces, performance, the operation of specific modules and security. Unit tests, regression tests, API and integration tests, smoke tests, UI and I/O tests, security and vulnerability tests, stress tests, and acceptance tests.

Incorporate it into CI/CD

Use something like Github Actions to perform dynamic analysis before code goes live. Here you can configure automated actions for:

• Security Issues
• Code Quality
• Code Review
• Software Composition Analysis/Dependency Scanning
• Testing

wip