Defending web and mobile applications against the bad guys has always been hard; there is no escaping that fact. However, it doesn’t seem to be getting any easier either. Evolving development practices (Agile, DevOps, CD/CI, IaC) have a big part to play, but there are several other trends that are also not helping the situation. So in this modern world of development, how can we better secure these applications?
The short answer is we need to change the way we approach application security, by designing an application security programme or secure software development lifecycle (SSDLC) that fits better into these evolving development practices…
I have started posting longer-form articles to Medium, so you can read more about the above there:
Defensive Application Security in a Modern Era - Part 1
Building an Application Security Programme - Part 2
Tackling Security Culture and Awareness - Part 3
Delivering an Application Security Training Course - Part 4