In case you don't recognize the acronym, "CAS" stands for Continuous Application Security. It may not become a household name, but here at Contrast we believe it will be as common as "WAFs" within our industry. CAS will help lead the way to integrating modern DevOps methodologies for software development.
CAS is an approach, long advocated by the founders of Contrast Security, to "secure" code without slowing down software development and deployment. By adding "sensors" into the application code itself the software is infused with vulnerability assessment capabilities so that security flaws are quickly and automatically identified. This process eliminates security scanning as a separate step in the SDLC — reducing departmental friction and increasing speed to market. Win! Win!
CAS is now being embraced by organizations that build work flows based upon this automated and continuous methodology. Edward Amoroso, former AT&T CISO, and Founder and CEO of TAG Cyber, shared his insights after speaking with Jeff Williams, Contrast Security Co-founder & CTO in a recent blog post, "Significant Advances in Continuous Application Security."
The Contrast technical solution involves an exciting concept known as “security as code,” where security policy is enforced through a collection of distributed agents that are embedded into the full range of applications in an enterprise. These agents automate continuous application security by integrating directly with applications, which implies that the software development and operations teams can provide security assurance without the need for separate testing.
Another individual embracing CAS is Scott Parsons, a Senior Enterprise Security Architect at a Fortune 500 Financial Company. Scott recently shared his story of how the fast pace of application development and the movement to the cloud has led his company to adopt CAS. According to Scott, "There is no other option now [than continuous application security]. Security has to be through code... Old manual methods do not work any more."
Listen to an interview (2:25) with Scott Parsons, Senior Enterpise Security Architect,
and hear how his Fortune 500 Financial Organization is deploying CAS by adding
"insertions into the code" to automatically trigger a response.