Companies shift 'left and right' for quality, secure application code

The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations.

  • Wednesday, 21st September 2022 Posted 2 years ago in by Phil Alsop

Invicti Security has released a new white paper: “Automated Application Security Testing for Faster Development,” from independent industry analyst firm Enterprise Strategy Group (ESG). The report covers how Invicti customers are cost-effectively incorporating security into their development processes to secure their applications.

Organizations have been challenged in adapting their application security strategies and solutions as they undergo digital transformation for faster development cycles. As organizations migrate workloads to the cloud, they speed up development but also increase the risk of security vulnerabilities as application development and security teams clash on priorities. In fact, an earlier ESG study found that 48% of developers push vulnerable code in order to meet deadlines.[1]

Traditional application security solutions haven’t worked well to scale with modern development because they are costly to deploy and manage, they raise too many alerts and false positives, and they don’t work in modern development workflows.

The report describes how:

With the move to the cloud, organizations need a seamless solution that gives them protection and coverage for all of their applications, not just certain business-critical applications. Otherwise, simple coding mistakes can leave them vulnerable to attacks that could compromise company or customer data.

A leading television service network serving 26 million viewers has deployed Invicti to help them deliver secure applications on time, enabling them to innovate while protecting information collected online, particularly the personally identifiable information (PII) of viewers and staff, as well as its own company data and intellectual property.

A global travel and vacations company uses Invicti to cost-effectively automate security testing for applications across its portfolio of companies, enabling developers to fix security issues within their workflows.

Invicti customers also reported time and cost savings with fewer security incidents and teams working more efficiently with security integrated with developer workflows.

“With the increasing speed of development, companies need fast, seamless security solutions that integrate extremely well with developer workflows and tools, so they can bridge the gap between developer and security team priorities and needs,” said Sonali Shah, Chief Product Officer at Invicti. “Dynamic application security testing (DAST) is the best-positioned tool to reduce the risk of pushing out vulnerable web applications without burdening developer teams or slowing them down.”

“The development lifecycle is an intricate process that requires many pieces and technologies to be successful. Adding security as an afterthought to this process is proven to create points of exposure for organizations,” said Melinda Marks, Senior Analyst at ESG. “With Invicti’s approach to application security, security experts can help developers infuse secure practices into their development processes so that security enables innovation instead of slowing things down or blocking it.”