Driving Application Security Earlier into the Software Development Lifecycle

April 06, 2016

In today’s Whiteboard Wednesday, Kim Dinerman, Solutions Marketing Manager at Rapid7, will discuss the importance of driving application security earlier into the software development lifecycle.

As web applications continue to grow in popularity and complexity, security vulnerabilities are inevitable. It is important now, more than ever, that security teams develop a firm partnership with developers as they are building out web applications.

In this video, Kim will talk about the cost benefit of finding vulnerabilities earlier in the software development lifecycle. She will also go over some best practices on how you can leverage third party integrations that can help automate the security testing of your web applications.

Watch this week’s Whiteboard Wednesday to learn more.


Video Transcript

Hi! Welcome to this week's Whiteboard Wednesday. My name is Kim Dinerman, and I'm responsible for solutions marketing for AppSpider. Today's topic is driving application security earlier into the software development life cycle. This is one of the key challenges security experts are struggling with. We know that it's less expensive to find security defects earlier in the life cycle, and we need to find automated ways to do that. So once you've established a partnership with your developers and you're working to drive security earlier into the life cycle, there are several best practices you can use to automate the process to find security defects earlier.


The first best practice is continuous integration solutions. So, you can integrate your dynamic application security solution into your continuous integration solution so that every time there's a build in the software, you can automatically kick off a dynamic scan. You can also integrate with bug tracking systems, or GRC solutions like JIRA, and when you integrate with a solution like that your security defects are reported right alongside your other software defects, which makes it much easier for your developers to resolve them. We don't want to be thinking of scan report, scan report. We want this dynamic application security process to work seamlessly with the software development life cycle.

And finally, you can and should be evaluating ways to integrate dynamic scanning into your automated testing solutions like Selenium. So the dynamic scanning can run right alongside your functional testing scripts, and also enhance your security testing and drive it earlier into the life cycle. So again, look for ways to automate and integrate application security into your life cycle by integrating with continuous integration tools like Jenkins, bug tracking systems like JIRA, and automated testing solutions like Selenium. At Rapid7, we're committed to having many integration options in each of these topics, and we find that our customers are able to successfully have a DevSecOps minded security program and drive application security into the software development life cycle early.

If you're interested in driving application security earlier into the life cycle in an automated way, visit rapid7.com/appspider, request a trial of AppSpider, and we'll get started right away working with your organization to figure out how we can integrate into your development tools and drive security earlier into your life cycle. And that's all for today's topic, we look forward to seeing you next time.
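The continuous integration and bug-tracker integration described in the video boils down to a small piece of glue: a CI step that takes the scanner's report for the build, files each new finding as a ticket next to the ordinary software defects, and fails the build when something serious turns up. The script below is an added example written for this page; it is not Rapid7 or AppSpider code. The report layout, the findings in it, the JIRA project key `WEB` and the severity names are all assumptions made here, and the ticket payloads are only built, not sent.

```python
"""CI gate for dynamic application security (DAST) scan results.

Added example: this is not Rapid7 or AppSpider code. The report layout,
the project key "WEB" and the severity names are assumptions made here.
"""
import hashlib
import json
import sys

# Constructed sample export from a dynamic scan of one build (hypothetical
# format; a real scanner's report will differ).
SAMPLE_REPORT = json.dumps({
    "build": "web-app#482",
    "findings": [
        {"name": "SQL Injection", "severity": "High",
         "url": "https://app.example.test/search?q=", "parameter": "q"},
        {"name": "Reflected Cross-Site Scripting", "severity": "Medium",
         "url": "https://app.example.test/profile", "parameter": "name"},
        {"name": "Missing X-Content-Type-Options header", "severity": "Low",
         "url": "https://app.example.test/", "parameter": ""},
        # The same SQL injection reported again with a different query string:
        # it must collapse into the first ticket, not open a duplicate.
        {"name": "SQL Injection", "severity": "High",
         "url": "https://app.example.test/search?q=&page=2", "parameter": "q"},
    ],
})

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}
JIRA_PROJECT = "WEB"  # assumed project key


def fingerprint(finding):
    """Stable key for a finding: vulnerability class + URL path + parameter.

    The query string is dropped so a re-scan of the next build maps the same
    bug to the same ticket instead of filing it again.
    """
    path = finding["url"].split("?", 1)[0]
    raw = f'{finding["name"]}|{path}|{finding["parameter"]}'
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


def to_jira_issue(finding, key, build):
    """Issue payload in the shape JIRA's REST API takes for issue creation."""
    path = finding["url"].split("?", 1)[0]
    summary = f'[{finding["severity"]}] {finding["name"]} at {path}'
    if finding["parameter"]:
        summary += f' (param {finding["parameter"]})'
    return {
        "fields": {
            "project": {"key": JIRA_PROJECT},
            "issuetype": {"name": "Bug"},
            "summary": summary,
            "description": (
                f"Found by the dynamic scan of build {build}.\n"
                f"URL: {finding['url']}\nFingerprint: {key}"
            ),
            # The fingerprint label is how later runs recognise this ticket.
            "labels": ["security", "dast", f"dast-{key}"],
        }
    }


def evaluate(report_json, already_tracked=(), fail_on="High"):
    """Turn a scan report into bug-tracker issues and a pass/fail verdict.

    already_tracked: fingerprints that already have an open ticket; they are
    not filed again, but a known High still blocks the build until fixed.
    fail_on: lowest severity that blocks the build.
    """
    report = json.loads(report_json)
    seen = set(already_tracked)
    issues = []
    for finding in report["findings"]:
        key = fingerprint(finding)
        if key in seen:
            continue  # known bug, or a duplicate within this report
        seen.add(key)
        issues.append(to_jira_issue(finding, key, report["build"]))
    threshold = SEVERITY_RANK[fail_on]
    blocking = [f for f in report["findings"]
                if SEVERITY_RANK[f["severity"]] >= threshold]
    return {"passed": not blocking, "blocking": len(blocking), "issues": issues}


if __name__ == "__main__":
    # As a CI step: emit the tickets and exit non-zero to fail the build.
    result = evaluate(SAMPLE_REPORT)
    print(json.dumps(result["issues"], indent=2))
    print(f'{result["blocking"]} blocking finding(s); passed={result["passed"]}')
    sys.exit(0 if result["passed"] else 1)
```

In a real pipeline the scanner's own export replaces `SAMPLE_REPORT`, the payloads are POSTed to JIRA's issue-creation endpoint, and `already_tracked` is loaded by searching the tracker for the `dast-` labels. The Selenium integration the video mentions is a different mechanism (routing the functional test traffic through the scanner so it learns the application's pages and inputs) and needs a browser, so it is not shown here.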