March is a time of the year that historically marks big changes. Going all the way back to the time of Shakespeare, we’ve been told to “beware the Ides of March” and more recently, we have Pi day being celebrated on March 14th.  And did you know that one of the most iconic locations in the world, the Eiffel Tower in Paris, France, opened to the world in March of 1889? From countries in the Northern Hemisphere starting the Spring season, to Southern Hemisphere countries winding down Summer, March is a big month.

And this year, not only can you celebrate March, you can celebrate a MAJOR addition to application security!  For the first time under HCL, AppScan has announced a game-changing version release!  Get your green light with application security, and experience first-hand how adding appsec to your delivery pipeline can do wonders to raise the safety and confidence of what you deliver.  Think of it as your own pot of gold at the end of your release rainbow.

Get Your Green On

It’s no secret that the most common color seen in March is green. From the new leaves and flower buds forming to St. Patrick’s Day, green is everywhere.  But, unexpected security issues that appear in applications can leave also leave us feeling a little green. For that reason,  today more than ever consumers expect and demand security as a top priority.

However, at many organizations, efforts to increase security are seen in only one color.  Red.  As in stop.  Think about it.  When security enters the discussion, do people usually get excited?  No.  Often, they are expecting to hear “you can’t do that”.  Even in the best of businesses, security is seen as a cautious yellow and an inhibitor to growth.

But what if security actually enabled you to go faster? What if you could turn security from a red stop to a green light?  What if you found more ways to say “yes”?

HCL AppScan v10 adds a host of new capabilities to enable actionable application security at DevOps speed, so you can hit green and go.  Capabilities like a slider that allows you to trade off between scan speed and scan depth. Now you can fine-tune scans based on where you are in the software lifecycle.  Just starting a project?  Scan for speed, so you get fast feedback on vulnerabilities that matter most.  Getting ready to go to production?  Scan for the greatest depth to make sure you haven’t missed something critical.

Check out plenty of other new capabilities that you can take advantage of, all designed to give you great confidence without slowing innovation.

Beat the Banshee

Imagine it’s the last QA run before release date, and your final round of testing is being completed.  Everyone has fingers crossed, hoping for a clean result.  And then it happens.  A security test reveals a major vulnerability.  And if that isn’t bad enough, it is also highly exploitable.  No choice – it has to be fixed now, and your release date is in serious jeopardy.  Let the shrieking begin.

Hopefully this scenario doesn’t sound too familiar, but it plays out more often than we would like.  Thankfully, it can be largely avoided.

When an organization adds application security into a development pipeline, developers get critical feedback to resolve vulnerabilities in context, as they occur.  And this means faster fixes and more time spent innovating.  It’s a proven trend.

The 2016 Puppet Labs State of DevOps survey found “high performers spend 50 percent less time remediating security issues than low performers”. The 2018 version of this report expanded the idea, noting high performing organizations were 24 times more likely to automate security configurations.  When examining why automation was so critical, the report concluded, “This is because they build security into the software delivery cycle as opposed to retrofitting security at the end”.

And in 2019, the survey was almost entirely devoted to the impact that security has on DevOps.  One of the key findings was that “integrating security deeply into the software delivery lifecycle makes teams more than twice as confident of their security posture”.

So, add application security to your pipeline this Spring and save the shrieking for when you want to hear it – like the joyful kind you make at your release party.

Luck Favors The Prepared

Many people try to navigate a perfect balance of digital transformation, cloud computing and big data to find gold in the marketplace.  In doing so, a lot of new methodologies (like microservice architectures) and new delivery models (like containers) have emerged.  These are great additions, but they also provide an ever-changing threat landscape to deal with.  With so much change occurring so often, it is easy for security teams to feel hard-pressed.

In fact, a recent study found that 88% of Cybersecurity and InfoSec teams spent at least 25 hours per week investigating and detecting application vulnerabilities.  And 83% spent at least that much in remediation efforts.  The ideal situation is for those teams to be finding and fixing issues not easily addressed by other means.  Too often, their time is spent just trying to triage results to get to the real issues.

Having strong application security in the software delivery lifecycle helps bring that balance to life.  It allows the more common, easier-to-fix issues to be handled by other teams, freeing your InfoSec experts to do what they do best.  And, doing so ultimately builds the trust and confidence in teams that is needed for larger transformations.

Get Your Application Security 4-Leaf Clover

And to make your own luck, we believe you need to have your own application security four-leaf clover with the following “leaves”:

  • Static Application Security Testing (SAST) for checking source code changes
  • Dynamic Application Security Testing (DAST) at key integration stages and milestones
  • Interactive Application Security Testing (IAST) to monitor for key vulnerabilities
  • Open Source (OSS) to identify vulnerabilities in third-party software

Each of these testing methodologies has its place in a software development pipeline.  When used well, they greatly reduce overall risk and cycle times.  AppScan v10 has enhanced capabilities in each of these areas, to provide the best combination of breadth, depth, quality and speed for application security.  And each is further enhanced by leveraging automation, intelligence and machine learning capabilities for additional insight, detection and remediation.

Get Your Green Going With Application Security

So, celebrate with us, by checking out the latest AppScan V10 enhancements in our livestream playback.  Learn the difference that incorporating application security into your delivery pipeline early and often can make.  See how it enables you to go green, quickly identify and remediate vulnerabilities, and free security teams to deal with the more critical issues.  By having development teams and security teams working in tandem, you will be better positioned to release high quality applications that lead to greater consumer trust, lower risk and fewer breaches.

We also encourage you to sign up for a free, 30-day trial of HCL AppScan on Cloud, so you can test-drive AppScan V10 for yourself.

Comment wrap
Further Reading
a/icon/common/search Created with Sketch.