Tagged articles
12 articles
Woodpecker Software Testing
Dec 30, 2025 · Information Security

Master Automated Security Testing with ZAP: From Zero to Enterprise‑Ready

This article walks readers through ZAP’s architecture, dual passive/active scanning engines, headless operation, Python automation, CI/CD integration with Jenkins and Docker, advanced scripting with Zest and custom plugins, and best‑practice recommendations for building an enterprise‑grade automated security testing pipeline.

Automated Security Testing · DAST · Docker
10 min read
FunTester
Jul 28, 2025 · Information Security

Unlocking App Security: How SAST, DAST, IAST, and RASP Protect Your Code

This article explores the core principles, strengths, and limitations of four major application security testing approaches—Static (SAST), Dynamic (DAST), Interactive (IAST), and Runtime Application Self‑Protection (RASP)—and compares them in a concise table to guide developers in building a comprehensive security strategy.

Application Security · DAST · DevSecOps
8 min read
Huolala Tech
Sep 17, 2024 · Information Security

How to Automate Logic Vulnerability Detection with DAST, IAST, and API Analysis

This article outlines the background of logic vulnerabilities, compares SAST/IAST/DAST techniques, presents a comprehensive detection architecture with API traffic capture, token collection, fuzzy‑hash response comparison, API deduplication, and discusses challenges such as public API false positives and automation gaps.

API Security · DAST · IAST
16 min read
Bilibili Tech
Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

Application Security · DAST · DevSecOps
15 min read
Cloud Native Technology Community
Sep 7, 2023 · Information Security

Kubernetes Security Testing: Importance, Methods, and Best Practices

This article explains why security testing is critical for Kubernetes clusters, outlines key testing approaches such as SAST, DAST, container image scanning, configuration audits, and network policy testing, and provides practical steps for integrating these methods into CI/CD pipelines to ensure robust cloud‑native security.

Configuration Audit · Container Scanning · DAST
9 min read
Software Development Quality
May 16, 2023 · Information Security

Mastering DevSecOps: Essential Security Testing Strategies for Modern Applications

As DevOps accelerates software delivery, integrating robust security testing—through static, dynamic, interactive application security testing and software composition analysis—becomes essential, and this article explains the importance, methods, tools, and best practices, including Huawei Cloud’s approach, to ensure comprehensive protection across the development lifecycle.

DAST · DevSecOps · IAST
15 min read
DevOps
Aug 26, 2022 · Information Security

Security Testing Practices in DevSecOps and Huawei Cloud

The article explains the importance of security testing within DevSecOps, outlines key testing methods such as SAST, DAST, IAST, and SCA, discusses penetration testing, and describes Huawei Cloud's comprehensive security testing framework and practices for ensuring software safety in modern development pipelines.

DAST · DevSecOps · IAST
13 min read
Architects Research Society
Jul 28, 2020 · Information Security

11 Practical Tips for Delivering Security as Code in DevOps

This article explains what "security as code" means, why shifting security left in the software development lifecycle matters, and provides eleven actionable tips—including understanding Secure SDLC, using SAMM, integrating SAST/DAST, and automating security checks—to help teams embed security directly into their DevOps pipelines.

Automation · DAST · DevSecOps
10 min read