SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

Thoughts on Modern Security Practices and Security Frameworks

How have modern assets like cloud instances, web-based applications, mobile devices, application containers, and others affected your security and risk management program?

It's way past time for organizations to realize how ridiculous it is to not expect web applications and APIs to be attacked. There is no perimeter, and there are no "internal" applications. Application security isn't optional; it's the leading cause of breaches.

The explosion of libraries and frameworks, APIs, containers, CI/CD, and other modern development practices has left traditional AppSec practices and tools in the dust. Organizations should continuously inventory, assess, and protect every application and API in their portfolio.

What are the business benefits and security benefits of adopting a security framework?

Cybersecurity is insanely complicated.

People often compare it to securing houses or cars. But these analogies massively underestimate the challenge(s). For most organizations, a better analogy is securing an entire city. Think legislature, locks and guards, alarms, fire department, and social services. Adopting and customizing a cybersecurity framework is critical to achieving a balanced program, and can help with identifying gaps, budgeting, executives, etc. But remember, adopting a framework doesn’t secure anything; it just helps you get organized.

As you build out your framework and incorporate modern security practices, be sure to check out some useful tips in our Continuous Application Security (CAS) Handbook. It makes recommendations on how to build a unified program covering the entire software lifecycle.

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. In 2002, Jeff co-founded and became CEO of Aspect Security, a successful and innovative consulting company focused on application security. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.
