Modern Application Development Security

Based on a survey of cybersecurity and application-development professionals conducted by Enterprise Strategy Group (ESG), this e-book examines the dynamics between development teams and cybersecurity teams regarding the deployment and management of application security solutions. Many industry verticals are represented, including manufacturing, financial services, construction/engineering, and business services. 

Download the report


Key objectives of the study

  • Examine the buying intentions of application security teams regarding dev-time AppSec controls
  • Determine the extent to which security teams understand modern development and deployment practices, and where security controls are required to mitigate risk
  • Understand the trigger points influencing application security investments, and how decision-makers are prioritizing purchase decisions

Key findings of the study

Security vs. speed
Time pressures drive many teams to push vulnerable code into production. As application security shifts left into the development realm, teams struggle to balance the competing goals of security and speed.

DevOps is critical
Whether teams are fully embracing DevOps practices or simply increasing the automation of their development processes, most are looking for solutions that work with the tools they are already using.

Developers need security training
Few college degrees in computer science require application security coursework as part of their curriculum. As a result, the burden of training developers on secure coding practices falls to employers—who struggle to fill the gap.

Tool consolidation is a high priority
It is challenging to manage and correlate results from the myriad AppSec tools and techniques (static analysis, software composition analysis, dynamic analysis, etc.) used by organizations today. Teams are looking for solutions to provide multiple forms of analysis in a unified suite.