Getting your application security program off the ground
2021-03-11 11:51

"Application security was traditionally very low on CISOs' priority list but, as the attacks targeting applications increase in frequency, it's getting more attention," Eugene Dzihanau, Senior Director of Technology Solutions at EPAM Systems, told Help Net Security.

He also notes that separating the application security domain is not advisable - it's best to look at application and cloud infrastructure security together and holistically.

"Unfortunately, automation is not everything, and developers need to obtain the necessary knowledge and make security part of their day-to-day work. Security aspects need to be addressed not only during testing but continuously in design, development and deployment too. While terms security by design and shift-left are well known, organizations only start to realize now what changes and implications this brings to the development process."

Setting up a successful application security program

Application security is difficult to get right, but Dzihanau offers some tips for pulling it off.

"Let's take a continuous delivery approach as an example. It significantly shortens the time between introduction of a change and release to production, but security people need to understand the application development and the other way around. Hybrid skills are essential, and security quality gates are crucial for success."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8rLj30scL3Q/