Hi everyone @r/cybersecurity,
I want to understand what are the responsibilities of a web application security analyst in Secure SDLC and use of SAST tools ?
Is it job of a developer/sec analyst to run sast tools? Where do the pentester/security analyst come in when the company wants to use tools like hp fortify,checkmarx,sonarqube etc.
Do the web application security analyst role require Knowledge of both DAST and SAST tools?
How to implement them in a project as a security analyst?