Application Security Today

There are many techniques, and the more thorough and automated, the better.

by Tom Smith · Jul. 31, 19 · Opinion
To understand the current and future state of application security, we obtained insights from five IT executives. We asked them, “How is your company securing applications?” Here’s what they told us:

  • We protect applications from the inside, adding sensors that understand the context of what the application is actually doing. This level of visibility beats external controls (e.g., understanding that NoSQL databases are not vulnerable to SQL Injection).
  • We have empathy for the developer since 80% of our clients are developers. We know developers are being asked to make something that’s relevant, useful, popular, scalable, performant, and secure. We begin by understanding that developers have a lot on their plates, and we think about how to make their lives as easy as possible. We make the AppSec concern consumable and actionable by the developer.
  • We can answer this question from two perspectives: how we help users of our Application Release Orchestration platform deliver secure software (including reporting in order to provide a paper trail of the various techniques used to secure the produced applications) and how we help ISVs that are building software that needs to be secure.

    Our platform provides clients with a way to create enterprise pipeline templates to document and execute all steps from code commit to production. These templates can serve as a yellow brick road to production that includes all manual and automated steps, amongst which security scanning is done as part of the process. The “shift left” practice in DevSecOps is helping organizations improve quality and security by moving to test earlier in the release process, and our DevOps Platform makes this process auditable and explicit. We do this by integrating other vendors, such as SonarQube, Black Duck, Checkmarx and Fortify, into pipelines, which can prevent the release from going forward as security violations are identified, even with the new discovery of zero-day vulnerabilities during the release process.

    Additionally, our security and compliance dashboard templates enable release managers and DevOps engineers to track security issues in applications that need to meet IT compliance requirements. We help them identify applications that are failing to meet security standards. The dashboard gives the team a complete overview of test results from the static application security testing (SAST), dynamic application security testing (DAST), and open source security management (OSSM) tools in their release pipelines.
  • We segment applications from each other and give them their own authenticated and encrypted network. Using a full PKI implementation, secure tunnels, dedicated data centers, and direct dedicated connections to cloud application providers, we secure applications on a network end-to-end.
  • DevSecOps is the way to secure the application across the entire lifecycle — securing left, programming, building, and production is application security throughout the lifecycle. Development is getting faster, and application security needs to be able to support development.

Here’s who shared their insights:

  • Erik Costlow, Developer Relations, Contrast Security
  • James McClay, Product Manager, Cybera
  • Doug Dooley, COO, Data Theorem
  • Joseph Feiman, Chief Strategy Officer, WhiteHat Security
  • Vincent Lussenburg, Director of DevOps Strategy, XebiaLabs

Opinions expressed by DZone contributors are their own.
