Introduction
摘要
Cybersecurity landscape is an ever-changing area and for any industry to keep, up-to-date with all the exploits is really challenging. A domain in this space is application security (appsec) and implementation of proper application security controls is implemented as best practices across any tech enabled industry with one or more combination of tools such as Static Application Security Tools (SAST), Dynamic Application Security Tools (DAST), Secret Scanning Tools or more recently Interactive Application Security Tools (IAST). The tools are plugged in to the CI/CD pipeline as standard devsecops practice to detect and fail on vulnerabilities and to minimize or mitigate the risks associated with attack surfaces in applications which is of utmost importance to any organization to keep their cybersecurity posture intact as almost all the organizations offers their services via web app or mobile app.