Using Automated Tools for Securing Your Site

The fight for secure applications doesn't always have to be manual. 0:00 Many existing automated tools both open source and 0:04 paid, will help expose security flaws in your applications and services. 0:08 They can show you what needs to be changed so 0:13 that you can be in a better place next time attackers come knocking. 0:16 These tools can analyze your projects while they live 0:20 on a version control system such as GitHub. 0:23 They raise issues and interrupt releases when issues are discovered. 0:26 Other tools exist to analyze your code via a command line application. 0:31 These tools perform static analysis of your code. 0:36 They look at the structure and meaning of code without running it. 0:40 And thus discover ways to more fully protect critical resources, 0:44 endpoints and other assets. 0:49 Here are just a few of the tools that exist. 0:52 Snyk integrates with your version control system, and 0:55 raises issues when it analyzes your commits and finds security flaws. 0:58 SonarQube is developed and refined by leading academic and industry researchers 1:04 to find security flaws via static analysis of code in a variety of languages. 1:09 Securityheaders.io is a site where you enter your site's URL. 1:15 It will scan your site and 1:22 tell you whether you're using the proper security headers in your request. 1:23 Proper headers help protect your site from vulnerabilities like cross site scripting 1:28 and information exposure. 1:33 Not only can you use these tools on your own, but they can be 1:35 integrated into your continuous integration and deployment pipeline. 1:39 Greatly simplifying and streamlining your baseline security testing process. 1:44 Though this topic is too in-depth to cover here, we have linked resources for 1:50 integrating automated tools in the Teacher's notes. 1:55 I strongly suggest testing out some, if not all, 1:58 of these tools with your own projects. 2:02