You can’t take a one-size-fits-all approach to application security

What’s in your security toolbox?

If you’ve invested in a tool to assist with your security efforts, you’re not alone. According to a recent survey by 451 Research, tool acquisition is on the rise:

  1. Web application scanning (dynamic scanning) – 60% adoption rate
  2. Web application firewalls – 38% adoption rate
  3. Database security – 36% adoption rate
  4. Code or binary analysis (static testing) – 28% adoption rate

451’s Wendy Nather recently joined our webinar series and shared her insights with Synopsys’ John Steven on the use of security tools.

According to Wendy, because most organizations have a limited budget for application security, they end up adopting just one tool. Some choose web application firewalls because that's the easiest way to comply with security regulations. Others opt for tools that can give them quick wins, so they often start with dynamic testing tools to guard their Internet-facing perimeter.

But, she noted, there’s a problem with staking your security on a single application security tool.

Web application scanning finds only 20% of potential threats.

Your best option is a hybrid approach.

Companies that attempt a blanket approach to testing suffer from serious security gaps. As organizations amass applications, they need a holistic approach that analyzes past results, assesses potential risk, and highlights areas that merit deeper vulnerability testing. They should also opt for strategies that allow them to fix and prevent problems, not just test for them. To stay ahead of evolving risks, they must employ a variety of strategies, not a single one.

But for most organizations, investing in multiple tools simply isn’t economically feasible. A better approach is investing in a scalable, flexible service that combines the benefits of manual and automated testing.

Find out why you need to right-size your application security testing.

In the recorded webinar, you can learn more about Wendy’s insights on the current state of application security testing and hear how you can improve the flexibility and scalability of your current application security regime.