Whether it’s web apps, desktop apps, or mobile apps, the "cloud" is the key to starting a software security program
Our world increasingly relies on software. Unfortunately, building secure software is not an established course in most universities, and the majority of developers don’t have enough experience to know the threats that exist. As a result, software today is filled with vulnerabilities. The consequences of insecure software can be found in the growing number of data breaches due to attacks against software.
Today, more and more companies are beginning to roll out software security programs. These programs typically follow a similar course:
- Hire contractors to run a penetration test against a few critical applications. This raises awareness of vulnerabilities in tested applications, and might delay some of them from going live.
- Purchase penetration testing software and develop some expertise in-house. This continues to raise awareness, requires more penetration testers, and begins to get developers thinking that they need to start getting involved in order to ensure their applications "pass" the penetration test.
- Development teams work with security teams to start analyzing the code earlier in the development lifecycle. This reduces the cost of fixing vulnerabilities, educates developers on secure coding, and ensures that the penetration test doesn't uncover anything too critical.
Education becomes key; as developers become aware of vulnerabilities in their software and how to prioritize them, they develop secure coding practices that result in fewer vulnerabilities in the first place.
This is the common approach, and it has worked successfully over the years. However, the introduction of cloud-based security offerings that provide a more comprehensive view into an application’s security posture allows companies to greatly accelerate this process. The cloud combines the ease of hiring contractors with the efficiency and scaling of running a program in-house.
This webinar will talk about rolling out a software security program and how the cloud can greatly accelerate the process while lowering the total cost of ownership and providing a great return on investment.
CISSPs, SSCPs and ISACA members can receive 1 CPE credit for attending each webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple-choice polling questions about the program at the end of the event.