Discussing Web Vulnerability Scanning in Continuous Integration [Video]

Watch this interesting interview with a security expert to learn why using a DevSecOps process while developing web apps is so crucial.

The earlier in the development process a vulnerability is found, the easier and cheaper it is to fix. For example, imagine a vulnerability is found during a penetration test in code that is four or five months old. It is very difficult for your developers, assuming they are even still the same people, to go back and understand the logic and the code they wrote five months earlier.

It can be even worse. A web developer introduces a vulnerability with new code, and because no one points it out, he keeps reusing the same pattern for the next few months. Over those months, he can introduce a handful of vulnerabilities of the same kind.

That's why it is important to integrate automated web application security scanning into your continuous integration pipeline. Automated scanning does not replace the need for penetration tests, but it definitely helps to streamline the web development process, as Ferruh Mavituna explains well in episode 53 of Enterprise Security Weekly.

Published at DZone with permission of
