Embedding security, the right way
2020-01-16 06:30

Moving from annual security testing to an almost daily security cadence has put a huge strain on legacy approaches to automated testing, which need a centralized team of experts to run static analysis and dynamic scanning tools.

New technologies such as interactive application security testing and runtime application self-protection empower developers to do their own security.

This means breaking security work up into small pieces and carrying them to completion, rather than splitting security work across a series of gigantic phases and never connecting the dots.

Most traditional approaches would have a threat model identifying SQLi, a security architecture with defenses for SQLi, security requirements, secure coder training, security libraries to use, scanning tools, penetration testing, security code review and web application firewall rules.

The idea of turning security requirements, security policy, security architecture, and security coding guidelines into software is very powerful.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/OJmRzhYXKUY/