In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the proportion of an application’s code that is actually scanned to identify potential vulnerabilities. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.
An article by Ken Prole, CTO of Code Dx, was published in the Security Today magazine’s April 2019 edition.
An essential element of the application development process is scanning the software to find potential vulnerabilities. Static Application Security Testing tools are notorious for returning lots of results (often thousands, even for relatively small applications), which can overwhelm a developer. But no matter how they feel about the results, software developers must understand that by running only one application security testing tool—even the best on the market—they are missing most of the weaknesses in their code.
The Code Dx team was proud to provide application security training on behalf of (ISC)² at the August 2017 Metro NY branch’s workshop and training sessions. The slides are available for download.