
May 25, 2020 By Timothy Chiu, VP of Marketing
Application Development Mistakes: Sacrificing Security for Speed

A new article on devops.com outlines five mistakes organizations make when they sacrifice security for speed in getting applications to production. It is a common problem during this pandemic, as organizations rush to move applications to the cloud to support employees working remotely. Don't forget security in the rush to production; given the increase in cyber attacks, it needs to be taken more seriously, not less.

If your organization is under pressure to move applications from development to production quickly, the article offers a few good reminders about what you need to do so that security doesn't become a casualty of the development process.

The article covers five mistakes you may be making as you accelerate your move to production:

  • Not Looking at Data Security Holistically
  • Not Considering Security Across the Application Development Lifecycle
  • Not Focusing on API Security
  • Not Providing Strong Authorization and Authentication Methods
  • Not Incorporating Vulnerability Testing Throughout the Development Lifecycle

I’m not going to cover the entire article in this blog post, but I did want to touch on a few points the author made that are really important to remember. In the first section, about looking at security holistically, the article points out that development teams rely too heavily on authentication and authorization to protect data. It’s important to remember that parts of any application are reachable before any identity has been verified (the login flow itself, password reset, public endpoints, anything that parses untrusted input), and that a vulnerability in the authentication or authorization code is itself a way in. Security is needed for all parts of the application, not just the parts behind a login.
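To make the point concrete, here is an added example (not code from the article or from K2) of the most common way an authentication module becomes the vulnerability: a login check that builds its SQL query by string interpolation, next to the same check written with a parameterized query. The code is attacker-reachable by definition, since nobody has authenticated yet. The in-memory user table, the column names and the stored secret are constructed for the demo; a real system would store a salted password hash and compare it in constant time.

```python
import sqlite3

# Constructed sample data for the demo (not a real user store). The
# "secret" column stands in for a salted password hash.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'alice-secret-placeholder')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, secret: str):
    """Pre-authentication code path built by string interpolation.

    The attacker controls both fields, so a quote in the username ends the
    string literal and the rest of the input is parsed as SQL. Returns the
    matched username, or None when no row matches.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND secret = '%s'"
        % (username, secret)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn: sqlite3.Connection, username: str, secret: str):
    """Same check with bound parameters.

    The statement text is fixed; the driver passes the two values separately,
    so quotes, comment markers and keywords in the input are only data.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND secret = ?",
        (username, secret),
    ).fetchone()
    return row[0] if row else None


# Classic bypass payload: closes the literal, adds an always-true clause,
# and comments out the password comparison (SQLite honours "--" comments).
PAYLOAD = "' OR '1'='1' --"


def demo() -> dict:
    """Run both variants against the same payload and return the outcomes."""
    conn = make_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, PAYLOAD, "wrong") == "alice",
        "hardened_bypassed": login_hardened(conn, PAYLOAD, "wrong") == "alice",
        "hardened_valid_login": login_hardened(conn, "alice", "alice-secret-placeholder"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it and the interpolated version logs the attacker in as alice with a wrong password, while the parameterized version rejects the payload and still accepts the genuine credentials. This is the kind of defect a scanner finds in the authentication module itself, which no amount of authorization logic downstream can compensate for.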

Another important point the article raises is that security must be tested across the entire application. Looking at code bases in silos can miss issues that exist only in the interaction between different parts of an application (for example, between the authentication module and the access-control module). Some of the highest-profile breaches have occurred at exactly these seams. In the 2019 Capital One breach, a server-side request forgery through a misconfigured web application firewall reached the cloud metadata service and obtained credentials for an over-privileged role; each component looked acceptable in isolation, and the vulnerability was in how they fit together.

The final topic I’ll comment on is probably the most important: continuous vulnerability testing and assessment throughout the development cycle. Security threats are evolving faster than ever, and the volume of attacks is growing with them. The Open Web Application Security Project (OWASP) Top 10 lists the most common security risks found in web applications and is a good place to start when deciding what to test for.

There are ways to incorporate security testing into the development process without slowing it down. In fact, with K2 Cyber Security’s application security platform you can speed up remediation of vulnerabilities, getting you to production faster. K2 works alongside existing vulnerability scanning and pen testing tools with no modification to the infrastructure. After a test is run, K2 provides additional detail on each vulnerability found, including the file name and the exact line of code where it resides, so developers can remediate problems more quickly. K2 can also find additional vulnerabilities that the pen testing and vulnerability scanning tools may have missed.

From the article:

“While speed may be the name of the game, rolling out your applications without considering security would have little positive impact if they fail to function and are not secure… While your application development plans may be time-critical, security cannot be an afterthought, because sacrificing security for speed may make it longer for you to mitigate the risks than achieve your application development goals.”

In addition to working in pre-production with development testing tools, K2 also works as a runtime application security platform.

K2’s runtime deterministic application security platform monitors the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself rather than on knowledge of past attacks, so it does not need a prior signature to recognize a zero day. Deterministic security results in the detection of sophisticated zero day attacks and also protects the application from the risks listed in the OWASP Top Ten.

K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without relying on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid quick remediation of vulnerabilities, K2 also provides detailed attack telemetry, including the code module and line number being attacked, while integrating with leading firewalls to block attackers in real time.

Change how you develop and protect your applications.

Find out more about K2 today by requesting a demo, or get your free trial.


K2 CYBER SECURITY

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks including OWASP Top 10 and memory-based attacks, and provides additional vulnerability detection. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production servers to identify the location of the vulnerable code in real-time. K2’s solution generates almost no false alerts, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools including Web Application Firewalls, and dramatically reduces security cost. K2 Cyber Security is located in the USA, and provides cyber security solutions globally.

CONTACT INFO

K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131