Posted by Synopsys Editorial Team on January 15, 2016
If the applications can move to cloud, why can’t security testing?
This is a question often asked by proponents of the cloud movement. In this article, I will highlight what, how, why, and when to choose a cloud-based approach for application security testing through the five essential factors.
Cloud-based (aka on-demand) application security testing is a relatively new type of testing in which the applications are tested by a solution/tool/scanner hosted in cloud. It differs from traditional application security testing in a few ways.
As more and more applications are being deployed in cloud, serving all kinds of end points, I have observed a shift of focus from “securing applications” to “securing applications fast, at scale.” Cloud-based application security testing is real and answers many of the questions asked by senior personnel across large enterprises and SMBs alike.
The application to be scanned is either uploaded (usually done for mobile applications, thick clients, or static code analysis) or a URL (Uniform Resource Locator) is entered into an online portal. If required, authentication workflows are provided by the customer and recorded by the scanner. For internal applications, appropriate network exceptions are needed so the scanner can access the application. The customer then configures, customizes, and initiates the test. Upon completion, the scanner provides the test results with a detailed findings description and remediation guidance.
Here are the five essentials to be considered while adopting a cloud-based application security testing strategy:
Every organization has different needs and goals. I cannot recommend one method over another without understanding the nitty-gritty of the specific case at hand. However, apart from the five essentials I’ve mentioned here, I’d also consider a few additional points:
Figuring out whether or not to watch your team’s NFL playoff game is a simple decision. Cloud-based application security testing, on the other hand, isn’t. That is exactly why we’re here to help.
Get the latest Software Integrity news, thought leadership, and more.