Application security testing (AST) is the process of making applications more resistant to security threats. AST is achieved by identifying security weaknesses and vulnerabilities in source code.
Application security testing was initially a manual process, but most organizations now automate it throughout the software development lifecycle using a variety of application security testing tools.
Application security testing tools include:
Static application security testing (SAST)
Dynamic application security testing (DAST)
Mobile application security testing (MAST)
Interactive application security testing (IAST)
Runtime application self-protection (RASP)
Application security testing best practices include:
Testing internal interfaces, not just APIs and UIs
Regular testing of code and third-party components
Limiting user access to data
Integrating patching into your CI/CD