Using Dynamic Scanning to Secure Web Apps in Development and After Deployment

  • Wednesday, 31 May 2017 1:00PM EDT (31 May 2017 17:00 UTC)
  • Speakers: Barbara Filkins, Chris Kirsch

Building secure web applications takes more than just testing the code to weed out flaws during development and keeping the servers on which it runs up to date.

Code is becoming more secure as security testing is pushed earlier in the development cycle, but 41% of respondents to the 2016 SANS Application Security Survey still name public-facing web apps as the main source of data breaches.

That may explain why the share of those respondents assigning vulnerability scanning to IT operations rather than to development rose from 22% to 30% between 2015 and 2016.

To keep web apps secure, IT ops groups are increasingly adopting Dynamic Application Security Testing (DAST) tools that have long been a favorite of penetration testers and security auditors. DAST takes a "black-box" approach, probing the running application from the outside the way an attacker would, so scans do not require access to the source code or knowledge of the languages and frameworks it was written in.

Many DAST tools are also able to find vulnerabilities that have nothing to do with the application's code: inconsistent or faulty server configurations, flaws in authentication and authorization schemes, or imperfect integration with firewalls and other security systems.

Register for this webcast to learn:

  • How DAST tools can reduce dev costs and security flaws when used in both dev and ops environments.
  • How to avoid organizational gaps between dev and ops that can make remediation difficult.
  • How to identify quick wins by closing unsuspected gaps in security.
  • How to automate and manage regular scans and create security baselines to be used as standards for vulnerability scanning and infrastructure planning.
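To make the last two points concrete, the following is an added example (not code from the webcast or from any SANS tool) of the kind of black-box check and baseline comparison an ops team might script around a scanner's output. It inspects only what a scanner sees on the wire: response headers, cookie attributes, and whether content was served over plaintext HTTP. All hostnames, headers, cookie values and the baseline list are constructed for the example and are not real captures; the `Response` class and `REQUIRED_HEADERS` policy are assumptions chosen here, not a standard.

```python
"""Black-box response checks plus a baseline diff (added example, constructed data)."""
from dataclasses import dataclass, field


@dataclass
class Response:
    """What a black-box scanner sees for one request: URL, status, headers, Set-Cookie lines.
    This is a simplified stand-in for a real scanner's result object (assumption)."""
    url: str
    status: int
    headers: dict
    set_cookies: list = field(default_factory=list)


# Hardening headers an ops baseline would require on every response (policy chosen for this example).
REQUIRED_HEADERS = {
    "strict-transport-security": "missing Strict-Transport-Security",
    "x-content-type-options": "missing X-Content-Type-Options",
    "content-security-policy": "missing Content-Security-Policy",
}


def check_response(resp):
    """Return a sorted list of finding strings for one response; no source code knowledge needed."""
    h = {k.lower(): v for k, v in resp.headers.items()}  # header names are case-insensitive
    findings = []
    for name, msg in REQUIRED_HEADERS.items():
        if name not in h:
            findings.append(f"{resp.url}: {msg}")
    # A Server banner containing digits almost always means a version string is exposed.
    server = h.get("server", "")
    if any(c.isdigit() for c in server):
        findings.append(f"{resp.url}: Server header leaks version ({server})")
    # Cookie attribute checks: each Set-Cookie line is "name=value; Attr; Attr=val".
    for raw in resp.set_cookies:
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"{resp.url}: cookie {name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"{resp.url}: cookie {name} lacks HttpOnly")
    # Successful content over plaintext HTTP is a deployment flaw, not a code flaw.
    if resp.url.startswith("http://") and 200 <= resp.status < 300:
        findings.append(f"{resp.url}: content served over plaintext HTTP")
    return sorted(findings)


def scan(responses):
    """Run the checks over every captured response and return one sorted finding list."""
    out = []
    for r in responses:
        out.extend(check_response(r))
    return sorted(out)


def diff_against_baseline(findings, baseline):
    """Split findings into (new since the accepted baseline, fixed since the baseline)."""
    cur, base = set(findings), set(baseline)
    return sorted(cur - base), sorted(base - cur)


# Constructed sample responses (not real captures).
SAMPLE = [
    Response("https://app.example.test/login", 200,
             {"Server": "Apache/2.4.29", "Content-Type": "text/html",
              "X-Content-Type-Options": "nosniff"},
             ["session=abc123; Path=/; HttpOnly"]),
    Response("http://app.example.test/health", 200,
             {"Server": "nginx", "Content-Type": "text/plain",
              "Strict-Transport-Security": "max-age=31536000",
              "X-Content-Type-Options": "nosniff",
              "Content-Security-Policy": "default-src 'none'"}),
]

# Constructed baseline from a previous scan: the CSP gap on /login was accepted as a known
# item, and a cookie HttpOnly finding recorded then has since been fixed.
BASELINE = [
    "https://app.example.test/login: missing Content-Security-Policy",
    "https://app.example.test/login: cookie session lacks HttpOnly",
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    new, fixed = diff_against_baseline(found, BASELINE)
    print("new findings:", *new, sep="\n  ")
    print("fixed since baseline:", *fixed, sep="\n  ")
```

Run on a schedule, only the "new" list needs a human: accepted gaps stay in the baseline, fixed items drop out automatically, and the baseline itself becomes the written standard the webcast refers to.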

Registrants will be among the first to receive an associated whitepaper with full analysis and explanation of these and other AppSec and vulnerability scanning issues, along with a Q&A for attendees with report author and SANS expert Barbara Filkins.