Get Creative with Your Application Security Strategy

Dec 6, 2017 by Kyle Christiansen

Application Security does not have a silver bullet. No single solution or approach will protect an organization from being vulnerable to attack. Listening to the mindset of DevSecOps, “everyone is responsible for security”, organizations should ensure that they are focusing on security as part of each technology layer: perimeter, access, servers, open-source or third-party libraries, and custom application development.

As attackers continue to be inventive, the application security risk landscape remains ever-changing, and IT professionals are seeing an increase in attacks that are both relatively new (DDoS via Mirai Botnet) and tried-and-true (SQL Injections) threats. These real threats are costing businesses money from downtime, to fraudulent transactions, or to embarrassing data breaches.

However, typical approaches to security seems to be skewed towards the perimeter – not what lies behind it.

“84% of breaches exploit vulnerabilities in the application layer, yet the ratio of spending between perimeter security and application security is 23-to-1.” – Gartner Maverick Research: Stop Protecting Your Apps; It’s Time for Apps to Protect Themselves (2014)

With the historical lack of investment into application security, and perhaps fueled by recent announcements on cyber-attacks, IT organizations should have a renewed focus on security within the application and its components. CAST can help organizations reduce software risk and strengthen their application security:

  1. CAST Highlight can be used to conduct a rapid portfolio-level analysis to immediately discover common open source frameworks in your application and soon be able compare those to known vulnerabilities provided by the CWE.
  2. CAST Application Intelligence Platform (AIP) visualizes the current software architecture and provides an automated inspection to understand what elements connect to sensitive data structures. It identifies data call pathways that are safe and which are intrinsically vulnerable to attack while helping users understand what controls are needed to prevent common attacks and enforce new architectural constructs to keep the most sensitive data secure.

Whether you utilize solutions like CAST’s system-level analysis to build a software risk scorecard, or build your own security assessment, security should be at the forefront of application development. Protection is key, because attackers are not going to quit, so we can never let our guard down. 

Filed in: Application Failure Application Quality Application Security Risk & Security Software Security
Tagged: build security in cyber attack security news
  This report describes the effects of different industrial factors on structural quality. Structural quality differed across technologies with COBOL applications generally having the lowest densities of critical weaknesses, while JAVA-EE had the highest densities. While structural quality differed slightly across industry segments, there was almost no effect from whether the application was in- or outsourced, or whether it was produced on- or off-shore. Large variations in the densities in critical weaknesses across applications suggested the major factors in structural quality are more related to conditions specific to each application. CRASH Report 2020: CAST Research on the Structural Condition of Critical Applications Report
Open source is part of almost every software capability we use today. At the very least libraries, frameworks or databases that get used in mission critical IT systems. In some cases entire systems being build on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects. Software Intelligence Report <> Papers
Making sense of cloud transitions for financial and telecoms firms Cloud migration 2.0: shifting priorities for application modernization in 2019 Research Report
Kyle Christiansen
Kyle Christiansen Technical Solutions Architect
Kyle Christiansen is a Technical Solutions Architect at CAST and has more than a decade of experience as a software engineer and team manager. He has designed systems and product architectures to deliver personalized, secure and highly available apps.
More Posts from Kyle >>

Write a review Average rating:
()
Newest on top Oldest on top
Load more reviews
Thank you for the review! Your review must be approved first
You've already submitted a review for this item
|
()

Get a Demo    •    Contact Us    •     Support    •     The Software Intelligence Pulse    •     Privacy Policy    •     SiteMap    •     Glossary    •     Archive

Copyright - CAST | All Rights Reserved