Application security—AppSec for short—is crucial in the development of software products. If those products aren’t secure, it doesn’t matter what they do, how much fun they are, or how many bells and whistles they have, because they can put you at risk.
But the evolution of the market into cloud computing and DevOps, along with an exponential increase in deployments that require ever-increasing speed in development, have created a much larger attack surface for security teams to defend.
Yet while organizations are expanding their development teams to meet the deployment demands, they aren’t making similar expansions to their AppSec teams. That creates a gap between the applications an organization can develop and those they can secure.
Rod Musser, product manager within the Synopsys Software Integrity Group, has spent seven years managing products that assess and visualize organizations’ security risks. Previously he has been a developer, architect, and development manager for enterprise software, so his experience covers all the AppSec bases. He joined Synopsys earlier this year with the WhiteHat Security acquisition.
In this episode of AppSec Decoded, Musser and Taylor Armerding, security advocate at Synopsys, discuss those challenges, what kinds of problems they create for development teams, and the solutions available to address those challenges, including WhiteHat™ Dynamic, a software-as-a-service dynamic application security testing (DAST) solution.