Application Security 101: The Importance of DevSecOps in AppSec

In a recent Summer Security Fundamentals webcast, our panel of cybersecurity experts discussed application security and the pressing questions many of you likely face in your organization: How do you bring the builders and defenders together for a seamless DevSecOps culture? How do you empower development and operations to really care about security? At what point do you need to hire an outside team to build your appsec program?

In this blog, we will share some insightful tips on all things application security:


Banish the security police


Sometimes it feels like DevOps and security professionals are on opposing teams. Developers live and breathe software development but might not be up to date on the best security practices. Security experts see problems and are eager to fix them, but their solutions don’t always match the daily reality of development and operations, especially in today’s world, where the pressure to release high-quality software grows every day. Security teams feel that development often doesn’t prioritize protecting the application, while development and operations teams resent security coming in like an authority figure and insisting on changes. Our panelists agree that for an application security testing program to be effective, the typical relationship between security and DevOps teams has to change.


As security professionals, sit down with development and operations practitioners and even non-engineer stakeholders. Try to really understand their perspectives and what their day-to-day concerns are. This will help you provide the most practical soluti ..
