Learn How to Build a World-Class Application Security Program

How to Build a World-Class Application Security Program

Despite the growing importance of application security in organizations of all sizes, most face an increasing number of challenges in implementing a strong application security program. Custom code, a growing number of open source libraries, and emerging technologies such as containers are complicating AppSec, making it difficult to keep pace—particularly for organizations that don’t have a dedicated application security program.

To better understand the state of application security, we conducted an in-depth survey with Cybersecurity Insiders of their 400,000-member cybersecurity community. While some of what we found was surprising, much of it validated what we had already suspected, and put a finer point on the magnitude of the problem. For example, 42 percent of all respondents report that the “rush to release” causes application developers to neglect secure coding procedures and processes, and 21 percent report that security is completely ignored in their DevOps process.

[Figure: Percentage of developers neglecting secure coding procedures]

While this data is certainly interesting, and in many cases alarming, it’s far more valuable to put these statistics into context to understand not only what they mean, but also what can be done about them. In a recent webinar, How to Build a World-Class Application Security Program, Cybersecurity Insiders CEO Holger Schulze interviewed Kenna Security’s very own AppSec experts Jonathan Cran and Jerry Gamblin. They discussed some of the major findings from the report and what organizations can do to efficiently reduce their application risk without needlessly taking development teams away from their primary responsibility of getting features out the door.

Jerry and Jonathan also discuss the application security pipeline, how to apply advanced security programs in continuous integration/continuous delivery (CI/CD) environments, and how to gain visibility using a DevSecOps model.

Tune in now to learn from these industry experts from Cybersecurity Insiders and Kenna Security.