To scale application security (AppSec) to meet the pace of software feature development, AppSec must engage developers with new workflows that balance security and productivity. The increase in feature velocity of the modern software development lifecycle (SDLC) is driving a disconnect with AppSec. The SDLC is automated and fast, while AppSec remains manual and slow. In a recent survey, 96% of developers reported that the disconnect between security and development workflows inhibits their productivity. This point is not lost on AppSec professionals who, in the same survey, reported that building developer-friendly workflows is their top priority. Yet, every aspect of security polled had at least 86% of developers agreeing that it inhibited their productivity. It is clear that attempting to stretch traditional AppSec tools that were designed in a different era, for a different purpose and a different user, is not working.
The modern development workflow is git-based. Developers have become accustomed to immediate feedback loops for feature bugs, such as unit testing, as part of their check-in process. When submitting pull/merge requests, build rules prevent new code that fails unit tests from being accepted into the master branch. Hence, code quality standards are enforced and each developer is accountable for meeting them in the code they write.
What can security learn from this efficient workflow?
This webinar will explain how to rethink AppSec workflows for developers from the ground up. The result can be a dramatic increase in developer productivity, typically resulting in a 5X decrease in mean-time-to-remediation of vulnerabilities. The webinar will cover: