TMCnet News
Speed of System Change and Application Security: Results of the SANS 2017 Application Security SurveyBETHESDA, Md., Oct. 11, 2017 /PRNewswire-USNewswire/ -- Fast development is actually improving application security, according to results of a new survey to be released in a two-part webcast hosted by SANS Institute on Tuesday, October 24 and Wednesday, October 25. Organizations able to make changes to their code continuously, daily or weekly are also fixing more security vulnerabilities than their slower-moving competitors, and with better results. Fast development has resulted in many other improvements, according to results, including:
"The speed of software development is accelerating, and the technologies organizations use to support businesses are becoming more diverse," says Jim Bird, SANS Analyst and author of the survey report. "Together, those variables radically change how development teams—and their security/risk management teams—think and work." Roughly 43% of respondents' organizations are pushing out changes weekly, daily or continuously, which constitutes the fast-moving organizations. But speed doesn't necessarily mean that organizations are subject to more breaches. In fact, only 15% of this year's respondents reported experiencing a breach over the past two years. Of those that were breached, the biggest sources of breaches continued to be public-facing web applications and Windows OS, closely followed by legacy applications (which are often left untested because security teams either aren't aware of them or don't have access to their source code). Custom applications are another common target of attack. "The sources of breaches don't change that much," says Eric Johnson, Application Security Curriculum product manager at SANS. "But application security teams must adapt to the increasing speed of development to successfully control their risks." Fast-moving organizations test more fequently. This leads to more automation and embedded review processes. In the survey, 54% of organizations are employing automated code review and Static Application Security Testing (SAST). "The faster an organization wants to move, the more it needs automation," says Frank Kim, the SANS Management and Software Security Curriculum lead. "But that automation comes with some trade-offs." While organizations can run many automated tests, those tests must be highly targeted, leaving room for vulnerabilities to slip through, he continues. "Periodic pen testing, in-depth manual reviews, configuration auditing, deep scanning and fuzzing are still needed to find errors that escape tight automated loops." Full results will be shared during a two-part webcast at 1 PM EDT on both Tuesday, October 24 and Wednesday, October 25, sponsored by Rapid7. Synposys, Tenable, Veracode, and WhiteHat Security, and hosted by SANS. Register to attend the webcasts at www.sans.org/u/wUu and www.sans.org/u/wUz Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and application security expert, Jim Bird, with advice from Eric Johnson, Frank Kim and Barbara Filkins. Tweet This: SANS AppSec Survey 2-Part Webcast: Securing apps in a fast-paced world Oct 24 www.sans.org/u/wUJ | Oct 25 www.sans.org/u/wUO Risks and rewards of fast-paced deployment cycles: Results of SANS AppSec survey revealed | www.sans.org/u/wUJ Learn how to protect containerized apps and mitigate breaches. Join us Oct. 25 | www.sans.org/u/wUO About SANS Institute
View original content:http://www.prnewswire.com/news-releases/speed-of-system-change-and-application-security-results-of-the-sans-2017-application-security-survey-300534834.html SOURCE SANS Institute 
|