
When are security testing tools classified as ALM tools?

Application security testing tools can sometimes be considered part of the ALM tool set, and sometimes they fall under the category of the security management process. Read this expert response to learn how Mike Jones distinguishes different security test tools based on the specific application being built.

Are security test tools considered “ALM tools”?

As we all know, ALM is a category that is hard to lock down in terms of what is considered an ALM tool and what is not. When it comes to security test tools, I am on the fence based on the type of application to be built. For example, if you are building embedded systems or operating level software then I would expect that the concept of security testing for security breach vulnerabilities might be done by the actual development team -- thus making security test tools part of your ALM tooling. 

However, if you are building enterprise software, i.e., business applications, then I suspect that you will have security specialists to do this type of investigation and testing outside of the normal application development process and lifecycle. Right or wrong, this is what I typically see. In this case I would say your security test tools are actually part of the security management process and not part of ALM.

In either example, I think a solid security testing approach is something that any good application development shop should be on top of, whether they do the testing or share it with security specialists. Remember, from a business perspective, if you deliver application software that exposes your organization to risk, or worse, causes a real breach, then you will suffer severe consequences from both the costs associated with resolving the breach and the impact that it has on your company’s brand and reputation.

This was last published in April 2011
