16 Application Security Trends That You Can’t Ignore In 2016

Application security has emerged over the years both as a market and as a technology. Some of the key drivers have been the explosion in the number of applications (web and mobile), attacks moving to the application layer, and compliance needs.

The following are 16 application security trends that we believe the industry will observe in 2016.

1. Beyond Tools: Build an Application Security Program

As the industry matures, organizations shall look at application security not as a technology and tool problem but as a holistic program. BSIMM lists more than 100 elements of an application security program, observed across its 78 participating organizations.

2. Hacking of Everything Shall Be on the Rise: Internet of Things (IoT), Cars, Airplanes and More

With wider adoption of the Internet of Things (IoT), combined with the not-so-secure practices of many startups, we will see a surge in IoT devices getting hacked. Now your camera, light bulb, refrigerator, car or anything else that is connected shall be hacked.

3. Security Testing for Continuous Integration and Continuous Deployment (CI/CD)

More and more organizations shall integrate security testing into Continuous Integration (CI) or Continuous Deployment (CD) pipelines. Scanning tools shall gradually evolve and mature to support CI/CD.

4. Emergence of Runtime Application Self-Protection (RASP), Interactive Application Security Testing (IAST) and Real-Time Polymorphism Tools

RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing) are being aggressively promoted by vendors. This year shall be more a year of awareness, with potential mainstream adoption at least 2 years away. Both RASP and IAST have their strengths and weaknesses, and time will tell whether they win. Real-time polymorphism has potential but has seen slow adoption until now.

5. Third Party Vendor Risk Management shall become more important

An increasing number of organizations will ask for penetration testing reports for applications developed by third parties in order to manage vendor risk. Acceptance criteria shall cover not just the functional but also the security aspects.

6. Higher Due Diligence Before Adopting a New Cloud Solution

Most of the larger enterprises shall ask for a third-party pen test report or conduct more thorough due diligence before they adopt a cloud solution. Newer Software as a Service (SaaS) or cloud solution providers especially will have to provide a pen test report as part of the sales process.

7. Dynamic Application Security Testing (DAST) Will Remain the Most Popular Form of Testing, with Static Application Security Testing (SAST) Playing Catch-Up

DAST (Dynamic Application Security Testing) has been the primary mode of application security testing and will continue to be so. It is the easiest to adopt and gives exactly the perspective of an external attacker, who will not have access to your code. For web-based applications there is resistance towards providing binaries or source code. For mobile apps, however, organizations are more willing to provide the binary of the client-side application. This shall be one of the drivers for higher adoption of SAST (Static Application Security Testing).

8. Customers Will Ask for a Combination of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), Especially for Mobile Apps

Though organizations understand the importance of combining SAST and DAST, it is mobile app testing that shall drive higher adoption of this combination. More security-sensitive organizations at a higher maturity level shall conduct SAST and DAST together. DAST will continue to be the first and most important type of testing.

9. Large organizations will scan more than 80% of their portfolio applications at least once a year

Large organizations with more than 100 apps will strive to test more than 80% of their applications at least once a year. Testing all the apps shall be one of the priorities of Chief Information Security Officers (CISOs).

10. Application Hacking Incidents Shall Rise, Along with the Need for a Mature Response Program

Last year was the year of hacks for big companies, and 2016 shall be no different. Apart from detection and prevention, the industry shall need mature breach response programs. No matter what you do, hacks happen.

11. Jobs in Application Security Will Be More Than Ever Before and Will Continue to Grow

The industry has a severe shortage of application security testers: there are more jobs than available qualified professionals. Some of the major trends in ethical hacking as a profession are covered in a separate blog post.

12. The Majority of Large Organizations Shall Outsource Their Application Security Testing

Large organizations shall not be able to manage application security testing in-house due to the shortage of available talent and the management overhead. Most large organizations shall outsource application security testing as a continuous program.

13. Organizations will move toward continuous/regular vulnerability management program

Organizations have understood that one-time or sporadic testing is not enough. The industry has recognized the importance of continuous or regular testing and the criticality of adopting it as a management program.

14. Integration of Vulnerability Management Programs with Security Information & Event Management (SIEM) or Web Application Firewall (WAF)

The industry shall see a higher number of integrations between vulnerability management programs and preventive solutions like Security Information & Event Management (SIEM) or Web Application Firewall (WAF). This shall become one of the criteria for choosing security testing vendors.

15. Difficult to Detect but More Dangerous: Logical Vulnerabilities

The importance of logical vulnerabilities in application security testing is one of the topics least spoken about by security testing product vendors. Most security testing products and cloud solutions are unable to cover them. Logical vulnerabilities are the most critical and the most difficult to detect. Mature organizations shall ask for business logic testing as a mandatory requirement.

16. Changing the habit of coders

Awareness alone is not enough. Think of how many of us know about the importance of exercise, and how few of us actually do it. We need habit-forming tools and products that embed secure coding behavior right at the moment somebody types out a function. Testing is too late to enter the game.
