3 Big Trends in Application Security

With application security it seems there is never a dull moment. Different facets of web security continue to evolve, from the hackers and the hacks to the techniques we use to combat them. Here are some of the trends we see emerging and maturing as best practices. Let us know if you are implementing these and how it's going!

 

  1. Continuous Scanning – There’s a lot of buzz around the concept of continuous scanning, but in the world of application security, continuous scanning is sort of a misnomer because you don’t really want all of your applications scanned all the time and it would be an unreasonable use of hardware and bandwidth. In reality, continuous application scanning means constantly monitoring applications for changes and automatically launching a scan when the application has changed. Talk to your vendor about their ability to conduct this “continuous scanning” or site monitoring with automatic re-scans.

  2. Continuous Integration (CI) – Many organizations are pushing development to use Continuous Integration solutions (such as Hudson or Jenkins or home grown solutions) to streamline QA efforts and to reduce time to market. Security teams are wise to find ways to plug their scanning activity into the CI to ensure that every build is security tested before it goes into production. This requires a scanner that works well in “point and shoot” mode and offers open APIs for running scans. Ask your vendor how their scanner would fit into your CI environment.

  3. Web browser automation integration – Most enterprise testing teams already use test automation tools & scripts such as Selenium to create repeatable tests that can be executed in conjunction with nightly application builds. It only makes sense to integrate security tests into this as well so that security tests can run automatically every time the application changes. This is a great way to catch application security vulnerabilities early and often.
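The first trend hinges on detecting that an application has actually changed before launching a re-scan. The sketch below is an added example, not code from the post or from NT OBJECTives; it fingerprints the normalised content of monitored pages and only calls a hypothetical `launch_scan` callback when the fingerprint moves. Stripping volatile values (CSRF tokens, timestamps, session ids) is the caveat that matters: without it every fetch looks like a change and "continuous scanning" degenerates into scanning all the time.

```python
import hashlib
import re
from typing import Callable, Dict, List, Optional

# Content that differs on every response without the application itself
# having changed. Naive hashing would flag all of these as "changes".
VOLATILE = [
    re.compile(r'name="csrf_token" value="[^"]*"'),
    re.compile(r"\b\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}\b"),
    re.compile(r"sessionid=[0-9a-f]+"),
]

def normalize(body: str) -> str:
    """Remove volatile fragments so only meaningful content is hashed."""
    for pattern in VOLATILE:
        body = pattern.sub("", body)
    return body

def fingerprint(pages: Dict[str, str]) -> str:
    """Stable SHA-256 over the normalised content of all monitored URLs."""
    digest = hashlib.sha256()
    for url in sorted(pages):  # fixed order so dict ordering cannot matter
        digest.update(url.encode())
        digest.update(hashlib.sha256(normalize(pages[url]).encode()).digest())
    return digest.hexdigest()

class SiteMonitor:
    """Launches a scan on the first observation and then only on change."""

    def __init__(self, launch_scan: Callable[[str], None]):
        self.launch_scan = launch_scan  # hypothetical hook into a scanner API
        self.baseline: Optional[str] = None

    def check(self, pages: Dict[str, str]) -> bool:
        fp = fingerprint(pages)
        if fp == self.baseline:
            return False  # nothing changed: no scan, no wasted capacity
        self.baseline = fp
        self.launch_scan(fp)
        return True

# Constructed sample responses (not real traffic): one form fetched three
# times; only the third fetch adds a new input, which is a real change.
FETCH_1 = {"/login": '<form><input name="csrf_token" value="a1b2c3"><input name="user"></form>'}
FETCH_2 = {"/login": '<form><input name="csrf_token" value="d4e5f6"><input name="user"></form>'}
FETCH_3 = {"/login": '<form><input name="csrf_token" value="0a0b0c"><input name="user"><input name="remember"></form>'}

if __name__ == "__main__":
    launched: List[str] = []
    monitor = SiteMonitor(launched.append)
    print([monitor.check(f) for f in (FETCH_1, FETCH_2, FETCH_3)], len(launched))
```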

For more information on the key trends and best practices in application security, check out the new Application Security Buyers Guide and this blog, 5 Ways to Squeeze More Juice out of Your Application Security Program.

About Dan Kuykendall

Dan Kuykendall is the founder and co-CEO at the premier application security solutions provider NT OBJECTives, Inc. Throughout his career, Dan has helped develop advanced dynamic application security testing software, a fundamental aspect to NT OBJECTives’ reputation as a leader in comprehensive web application scanning. Dan has also worked for McAfee’s Foundstone and Fortis, where he founded the U.S. Information Security team. Connect with Dan on Google+

3 thoughts on “3 Big Trends in Application Security”

  1. October 10, 2013 at 3:07 pm

    Nice post; looking forward to seeing your talk at AppSecUSA http://www.appsecusa.org

  2. May 29, 2014 at 10:55 pm

    Great Read. Agreed.

    Continuous integration and scanning is essential for ever changing web applications and threat landscape.

    When evaluating the products for large enterprise, these three are a must for success.

    1. Kim Dinerman
      June 2, 2014 at 1:39 pm

      Thanks for your comment Yan! We continue to hear about these requirements, particularly as you point out, from large enterprises.
