With so many breaches hitting the news this summer, it’s time to reflect on what more can be done to get ahead of the game—before there is a problem. Whether breaches are caused by unpatched vulnerabilities like the ones at the NSA and Equifax, ransomware like WannaCry, or misconfigured cloud objects like the Verizon breach, security concerns have remained center stage in 2017.
DZone’s Guide to Proactive Security takes a closer look at the techniques and principles for shifting security left and addressing threats and vulnerabilities sooner in the Software Development Life Cycle (SDLC). In addition to looking at the role developers play in security, the guide discusses how security applies to modern operations and DevOps teams and provides key stats from DZone’s 2017 Application Security Survey.
This year, CloudCoreo, Synopsys, NowSecure, Security Innovation, and Zscaler teamed up to sponsor a look at what it means to be proactive with security and the role developers have in solving the security problems in our industry. The guide includes a deeper look at:
- A DevOps approach to building security
- Baking security into the development lifecycle
- Application security for modern operations teams
- Checklist: How to go zero trust like Google’s BeyondCorp
- Executive insights on proactive security
Executive Summary Excerpt
Application security is still a major issue among software developers and their users. A single breach caused by one overlooked issue, such as the Equifax attack in September 2017, can impact millions of customers around the world. With the rise of high-profile ransomware and DDoS attacks, we’ve heard that more and more developers are realizing the importance of developing for security and making sure their apps are secure, but where are their priorities, and what are they doing to combat the growing list of threats?
Key Research Findings Excerpt
540 software professionals completed DZone’s 2017 Application Security survey.
The most commonly seen types of vulnerability from the OWASP Top 10 (those that respondents said they have seen often or very often) are security misconfiguration (28%), sensitive data exposure (22%), and using components with known vulnerabilities (21%).
On average, respondents said that 20% of deployments are made with known security vulnerabilities, and 67% of respondents said they make their customers aware of known vulnerabilities in their application.