The fight for secure applications doesn't always have to be manual.

Many existing automated tools both open source and

paid, will help expose security flaws in your applications and services.

They can show you what needs to be changed so

that you can be in a better place next time attackers come knocking.

These tools can analyze your projects while they live

on a version control system such as GitHub.

They raise issues and interrupt releases when issues are discovered.

Other tools exist to analyze your code via a command line application.

These tools perform static analysis of your code.

They look at the structure and meaning of code without running it.

And thus discover ways to more fully protect critical resources,

endpoints and other assets.

Here are just a few of the tools that exist.

Snyk integrates with your version control system, and

raises issues when it analyzes your commits and finds security flaws.

SonarQube is developed and refined by leading academic and industry researchers

to find security flaws via static analysis of code in a variety of languages.

Securityheaders.io is a site where you enter your site's URL.

It will scan your site and

tell you whether you're using the proper security headers in your request.

Proper headers help protect your site from vulnerabilities like cross site scripting

and information exposure.

Not only can you use these tools on your own, but they can be

integrated into your continuous integration and deployment pipeline.

Greatly simplifying and streamlining your baseline security testing process.

Though this topic is too in-depth to cover here, we have linked resources for

integrating automated tools in the Teacher's notes.

I strongly suggest testing out some, if not all,

of these tools with your own projects.