In a recent webcast, Dan Kuykendall, Senior Director of Application Security Products at Rapid7, gave his perspective on how security professionals should respond to applications, attacks, and attackers that are changing faster than security technology. What should you expect from your application security solutions, and what are some of the strategies you can use to effectively update your program? Read on for the top takeaways from the webcast “Skills Training: How to Modernize your Application Security Software”:
- Expect more from automation – It's important to leverage as much automation as possible. Make sure the tools you are using cover the newer and more difficult technologies such as AJAX, JSON and shopping carts.
- REST support is essential – You must start understanding RESTful interfaces and JSON in particular. The world is moving in this direction on web and mobile and leaving defensive tools in the dust. Most web app firewalls don't know how to deal with JSON and it takes them a long time to parse and validate content there, derailing them.
- Adopt a DevOps mindset – Partner with your development teams to understand how you can integrate security testing into their continuous integration and testing processes. To be successful and truly support change and growth in application security programs, DevOps must plug into what development teams are already doing and become part of their existing process. Bridge the gap between security and DevOps by running tests during nightly builds. Perform checks, report vulnerability findings into the existing bug system, and there will be more acceptance and progress from both sides.
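
The JSON point in the REST bullet above, as an added example (not from the webcast or any Rapid7 product): a request check that decodes the JSON body under size and depth limits and applies a rule to each decoded string, next to a check on the raw bytes. The limits, the single rule and the sample body are assumptions constructed for illustration.

```python
import json
import re

MAX_BODY_BYTES = 64 * 1024   # assumed limit; tune per endpoint
MAX_DEPTH = 16               # assumed limit on nesting
# Illustrative rule only; a real deployment would use its own rule set.
SUSPICIOUS = re.compile(r"<\s*script", re.IGNORECASE)

class RejectedBody(Exception):
    """Raised when a body is oversized, malformed or nested too deeply."""

def leaves(node, path="$", depth=0):
    """Yield (path, string) for every key and string value in decoded JSON."""
    if depth > MAX_DEPTH:
        raise RejectedBody(f"nesting deeper than {MAX_DEPTH} at {path}")
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.<key>", key
            yield from leaves(value, f"{path}.{key}", depth + 1)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from leaves(value, f"{path}[{i}]", depth + 1)
    elif isinstance(node, str):
        yield path, node

def inspect_json_body(raw: bytes):
    """Return the JSON paths whose decoded value matches the rule."""
    if len(raw) > MAX_BODY_BYTES:
        raise RejectedBody("body exceeds size limit")
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        raise RejectedBody(f"not valid JSON: {exc}") from exc
    return [p for p, text in leaves(doc) if SUSPICIOUS.search(text)]

def inspect_raw_text(raw: bytes) -> bool:
    """Baseline: pattern match on the undecoded bytes, ignoring JSON structure."""
    return bool(SUSPICIOUS.search(raw.decode("utf-8", "replace")))

# Constructed sample: the string value is written with JSON \u escapes.
SAMPLE = rb'{"cart": {"items": [{"sku": "A1", "note": "\u003cscript\u003ex()"}]}}'

if __name__ == "__main__":
    print("raw match:", inspect_raw_text(SAMPLE))
    print("decoded matches:", inspect_json_body(SAMPLE))
```

The raw-byte check sees only the escaped form and reports nothing, while the decoded walk reports the exact JSON path of the offending value.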
For an in-depth look at how to modernize your application security software, view the on-demand webinar now.