When are security testing tools classified as ALM tools?

Application security testing tools can sometimes be considered part of the ALM tool set, and sometimes they fall under the category of the security management process. Read this expert response to learn how Mike Jones distinguishes different security test tools based on the specific application being built.

Are security test tools considered “ALM tools”?

As we all know, ALM is a category that is hard to lock down in terms of what is considered an ALM tool and what is not. When it comes to security test tools, I am on the fence based on the type of application to be built. For example, if you are building embedded systems or operating level software then I would expect that the concept of security testing for security breach vulnerabilities might be done by the actual development team -- thus making security test tools part of your ALM tooling. 

However, if you are building enterprise software, i.e., business applications, then I suspect that you will have security specialists to do this type of investigation and testing outside of the normal application development process and lifecycle. Right or wrong, this is what I typically see. In this case I would say your security test tools are actually part of the security management process and not part of ALM.

In either example, I think a solid security testing approach is something that any good application development shop should be on top of, whether they do the testing or share it with security specialists. Remember, from a business perspective, if you deliver application software that exposes your organization to risk, or worse, causes a real breach, then you will suffer severe consequences from both the costs associated with resolving the breach and the impact that it has on your company’s brand and reputation.
