5 Application Security Concepts That Developers Should Master Now
There are five key application security concepts that you must master to produce strong, secure apps. Check out this post to learn more about these key concepts.
Join the DZone community and get the full member experience.Join For Free
It’s become common knowledge that developers need to incorporate strong application security into the software developed by their organizations. That being said, the application security testing technology space continues to evolve rapidly, and many developers are unable to keep up with all of the fast-paced developments.
The purpose of this blog is to spotlight five key areas of application security specialization that developers need to master now. They can be recapped as follows:
In a recent study by the Ponemon Institute, 60 percent of respondents felt positively about the potential ability of AI-based technologies to improve the productivity of their IT Security personnel. In the same study, 60 percent of respondents stated that AI-focused technologies provided more comprehensive security than humans alone could offer. You can learn more about AI by reviewing my recent blog on DZone titled, “The Magic of AI in Static Application Security Testing.”
According to research by IBM’s technology partner, WhiteSource, roughly one in 16 open-source download requests were for a known vulnerability. If you need to find out more about how your organization can better manage risks associated with your open-source components, check out our blog titled, “Why You Need to Think Differently About Open Source Security.”
Virtually, everyone who reads this blog should be familiar with the term, “DevOps.” But, are you familiar with the more recent term, “DevSecOps?” The concept of DevSecOps holds that security is a core component of the Software Development Lifecycle (SDLC) process, resulting in faster development cycles and improved vulnerability protection. For additional information on this compelling topic, check out Shannon Lietz’s blog called, “What is DevSecOps?”
In my day job in application security, I’ve often heard the false assumption expressed that “developers aren’t concerned about risk management.” From my perspective, nothing could be further from the truth. The developers I’ve personally collaborated with have taken strong pride of authorship in their code and certainly don’t want it to be riddled with security vulnerabilities. When you consider that 55 percent of respondents to a separate Ponemon Institute study stated that their organizations had no formal planned application security testing cycles, a baseline knowledge of potential risks that can result from security vulnerabilities is paramount for everyone.
It is no longer sufficient for organizations to simply protect their users’ mobile devices. They also need to protect the applications that they develop for their customers, employees, partners, and other key stakeholders. Check out my co-authored blog with Larry Ponemon titled, “10 Key Findings From Ponemon Institute’s Mobile and IoT Application Security Testing Study,” to obtain further details.
Are there any additional topics that you’d like to include in the list above? Simply share your feedback in the comments section below. Thank you!
Opinions expressed by DZone contributors are their own.