
SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

CAS: The Best Way to Modernize Application Security

Posted on May 16, 2017 by Christine Carrig, Director of Marketing

Topics: DevOps

In case you don't recognize the acronym, "CAS" stands for Continuous Application Security. It may not become a household name, but here at Contrast we believe it will be as common as "WAFs" within our industry. CAS will help lead the way to integrating modern DevOps methodologies for software development.

CAS is an approach, long advocated by the founders of Contrast Security, to "secure" code without slowing down software development and deployment. By adding "sensors" into the application code itself, the software is infused with vulnerability assessment capabilities so that security flaws are quickly and automatically identified. This process eliminates security scanning as a separate step in the SDLC, reducing departmental friction and increasing speed to market. Win! Win!

CAS is now being embraced by organizations that build workflows based upon this automated and continuous methodology. Edward Amoroso, former AT&T CISO, and Founder and CEO of TAG Cyber, shared his insights after speaking with Jeff Williams, Contrast Security Co-founder & CTO, in a recent blog post, "Significant Advances in Continuous Application Security."

The Contrast technical solution involves an exciting concept known as “security as code,” where security policy is enforced through a collection of distributed agents that are embedded into the full range of applications in an enterprise. These agents automate continuous application security by integrating directly with applications, which implies that the software development and operations teams can provide security assurance without the need for separate testing.

Another individual embracing CAS is Scott Parsons, a Senior Enterprise Security Architect at a Fortune 500 Financial Company. Scott recently shared his story of how the fast pace of application development and the movement to the cloud has led his company to adopt CAS. According to Scott, "There is no other option now [than continuous application security]. Security has to be through code... Old manual methods do not work any more."

 
 
 
 
 
Listen to an interview (2:25) with Scott Parsons, Senior Enterprise Security Architect, and hear how his Fortune 500 Financial Organization is deploying CAS by adding "insertions into the code" to automatically trigger a response.

 


Christine Carrig, Director of Marketing


Christine’s wide breadth of marketing experience has been focused on driving revenue, building brand recognition, and creating demand-generation programs in technology organizations. For the past 11 years, her deep understanding of marketing principles, coupled with forward thinking, has been instrumental in transforming application security start-ups into successful, profitable companies.
