I used to work as a software developer a while back, but things have changed a lot since then. The industry has experienced so many high-profile application security breaches resulting in the compromise of personally identifiable information that software developers nowadays have to become more aware of how important, and how hard, it is to write secure software. To be effective, application security has to be included throughout the complete software development life cycle.
Developers mainly focus on delivering features and on time to market. They also lack some of the skills or knowledge needed to build secure software. The security and operations teams responsible for securing applications and running secure systems should work closely with the development team to provide their expertise and help build secure software.
More organizations are developing public-facing web applications, mobile apps and cloud-based services, and these categories also carry the most concern about development risk. The rate of change is driving builders to adopt lightweight Agile, Lean and DevOps approaches to deliver software capabilities faster and more frequently. This approach challenges defenders to keep up and to change how they work and think.
The gap between developers and protectors of applications is closing slightly, according to the SANS 2015 State of Application Security Survey. SANS and other institutions recommend that these two groups climb out of their silos and work more closely together if we’re going to build better, more reliable and more secure systems.
The SANS report discusses these challenges and how they are made more complicated by the rapidly accelerating pace of development and lack of control over applications hosted in the cloud.
Get your copy of the SANS: 2015 State of Application Security Report