Defending web and mobile applications against the bad guys has always been hard, there is no escaping that fact. However it doesn’t seem to be getting any easier either. Evolving development practices (Agile, DevOps, CD/CI, IaC) have a big part to play, but there are several other trends that are also not helping the situation. So in this modern world of development, how can we better secure these applications?
The short answer is we need to change the way we approach application security, by designing an application security programme or secure software development lifecycle (SSDLC) that fits better into these evolving development practices…