Companies shift 'left and right' for quality, secure application code

The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations.

Invicti Security has released a new white paper: “Automated Application Security Testing for Faster Development,” from independent industry analyst firm Enterprise Strategy Group (ESG). The report covers how Invicti customers are cost-effectively incorporating security into their development processes to secure their applications.

Organizations have been challenged in adapting their application security strategies and solutions as they undergo digital transformation for faster development cycles. As organizations migrate workloads to the cloud, they speed up development but also increase the risk of security vulnerabilities as application development and security teams clash on priorities. In fact, an earlier ESG study found that 48% of developers push vulnerable code in order to meet deadlines.[1]

Traditional application security solutions haven’t scaled well with modern development because they are costly to deploy and manage, they raise too many alerts and false positives, and they don’t fit into modern development workflows.

The report describes how:

With the move to the cloud, organizations need a seamless solution that gives them protection and coverage for all of their applications, not just certain business-critical applications. Otherwise, simple coding mistakes can leave them vulnerable to attacks that could compromise company or customer data.

A leading television service network serving 26 million viewers has deployed Invicti to help them deliver secure applications on time, enabling them to innovate while protecting information collected online, particularly the personally identifiable information (PII) of viewers and staff, as well as its own company data and intellectual property.

A global travel and vacations company uses Invicti to cost-effectively automate security testing for applications across its portfolio of companies, enabling developers to fix security issues within their workflows.

Invicti customers also reported time and cost savings, with fewer security incidents and teams working more efficiently with security integrated into developer workflows.

“With the increasing speed of development, companies need fast, seamless security solutions that integrate extremely well with developer workflows and tools, so they can bridge the gap between developer and security team priorities and needs,” said Sonali Shah, Chief Product Officer at Invicti. “Dynamic application security testing (DAST) is the best-positioned tool to reduce the risk of pushing out vulnerable web applications without burdening developer teams or slowing them down.”

“The development lifecycle is an intricate process that requires many pieces and technologies to be successful. Adding security as an afterthought to this process is proven to create points of exposure for organizations,” said Melinda Marks, Senior Analyst at ESG. “With Invicti’s approach to application security, security experts can help developers infuse secure practices into their development processes so that security enables innovation instead of slowing things down or blocking it.”
