Applications should be analyzed periodically and the use of scanners makes it possible to automate a first level of analysis that looks for vulnerabilities, especially security vulnerabilities. With the results of well-known metrics, it is possible to move on to a second level of analysis that complements and eradicates potential vulnerabilities.
In this presentation, SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools will be presented, as well as some conclusions and good practices to implement.