Key findings on proactive application security

Posted by Synopsys Editorial Team on Friday, October 6, 2017

discover proactive application security with these key findings
As you’re probably well aware, application security is a major issue among software developers and users. After all, a breach caused by an overlooked issue, as was the case for Equifax’s recent attack, can impact millions around the globe.

The rise of high-profile ransomware and DDoS attacks is causing more and more developers to realize the importance of secure development. But what are they doing to combat the growing number of threats? How do the development process priorities need to account for security?

The current state of proactive application security

To answer these questions, DZone recently set out to survey over 500 software professionals to find out how widespread proactive application security solutions are within development organizations. Some survey highlights include:

The most concerning security threat respondents reported over the last year was phishing (49%), replacing SQL injection (48%) which was the top threat from last year’s survey.
Concerns about ransomware more than doubled from last year’s survey (19% to 40%).
On average, respondents reported that 20% of deployments are made with known security vulnerabilities. Additionally, 67% make their customers aware of known vulnerabilities in their application.
The primary types of application security testing reported by respondents are:
- Penetration testing (26%)
- Security code review (18%)
- Source code analysis (13%)
- Vulnerability assessment (11%)
Most respondents reported that security training at their organization happened on an ad-hoc basis (38%) or not at all (26%).

There’s no security finish line

There’s no finish line to building security and quality into the software development life cycle (SDLC). The sensitive nature of information that many applications consume makes them a prime target for attack. While an application or piece of software may be considered secure at a certain point, a new vulnerability could emerge at any time. Thus, it’s critical to be proactive about security.

At the same time, firms are quickly responding to evolving needs of the market. As needs evolve, software quality often remains a constant consideration when meeting development goals. Since security vulnerabilities are quality defects that can be compromised, software security should be addressed with the same level of rigor within the SDLC.

So how can organizations embrace a proactive strategy?

Disregard the emphasis on moving left. Instead, adopt an approach that builds security in. There are steps within each SDLC phase an organization can take to ensure that the software it produces is secure and of the highest quality. From training, tooling, and automation, to managed and professional services, there are a variety of solutions to infuse integrity throughout the development process without negatively impacting velocity.