Companies shift 'left and right' for quality, secure application code

The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations.

Invicti Security has released a new white paper: “Automated Application Security Testing for Faster Development,” from independent industry analyst firm Enterprise Strategy Group (ESG). The report covers how Invicti customers are cost-effectively incorporating security into their development processes to secure their applications.

Organizations have been challenged in adapting their application security strategies and solutions as they undergo digital transformation for faster development cycles. As organizations migrate workloads to the cloud, they speed up development but also increase the risk of security vulnerabilities as application development and security teams clash on priorities. In fact, an earlier ESG study found that 48% of developers push vulnerable code in order to meet deadlines.[1]

Traditional application security solutions haven’t worked well to scale with modern development because they are costly to deploy and manage, they raise too many alerts and false positives, and they don’t work in modern development workflows.

The report describes how:

With the move to the cloud, organizations need a seamless solution that gives them protection and coverage for all of their applications, not just certain business-critical applications. Otherwise, simple coding mistakes can leave them vulnerable to attacks that could compromise company or customer data.

A leading television service network serving 26 million viewers has deployed Invicti to help them deliver secure applications on time, enabling them to innovate while protecting information collected online, particularly the personally identifiable information (PII) of viewers and staff, as well as its own company data and intellectual property.

A global travel and vacations company uses Invicti to cost-effectively automate security testing for applications across its portfolio of companies, enabling developers to fix security issues within their workflows.

Invicti customers also reported time and cost savings with fewer security incidents and teams working more efficiently with security integrated with developer workflows.

“With the increasing speed of development, companies need fast, seamless security solutions that integrate extremely well with developer workflows and tools, so they can bridge the gap between developer and security team priorities and needs,” said Sonali Shah, Chief Product Officer at Invicti. “Dynamic application security testing (DAST) is the best-positioned tool to reduce the risk of pushing out vulnerable web applications without burdening developer teams or slowing them down.”

“The development lifecycle is an intricate process that requires many pieces and technologies to be successful. Adding security as an afterthought to this process is proven to create points of exposure for organizations,” said Melinda Marks, Senior Analyst at ESG. “With Invicti’s approach to application security, security experts can help developers infuse secure practices into their development processes so that security enables innovation instead of slowing things down or blocking it.”

Civo has published its Kubernetes State of Play report for 2022, finding that the majority of organizations are now using the technology.
Front-end developer salaries rise by as much as 40% in London, but skills shortages continue to bite as organizations struggle to attract digital talent.
With the pressure growing on financial service providers to accelerate their digital transformation efforts and deliver enhanced customer experiences in line with their digital-first competitors, industry research from Couchbase, reveals the key challenges faced by the sector’s development teams.
NTT DATA, Outsystems, and Nelson Mandela University (NMU) have joined forces to create C-VIVE, an app designed to increase cancer awareness across rural South African communities.
New solution combines state-of-the-art cloud architecture, elite-level CI/CD, enterprise-grade security, and unmatched productivity for building cloud-native applications that scale to tens of millions of users.
New research reveals that 73% of respondents admit more could be done to improve DevSecOps practices and highlights commonalities to those businesses finding success.
Siemens Amberg harnesses cloud-native application development and AI-driven data insights for faster software delivery and increased productivity across its digital factory network.
Five-year agreement, which includes the migration of Amdocs applications, will enable the quick adoption of the latest 5G innovations, facilitating new business models as AT&T Mexico’s network evolves.