The Future of AppSec
Speaker: Chai Bhat, Product Marketing Manager
Activity Details:
- IT Live Webinar that focuses on the findings of the “Software Vulnerability Snapshot” report published by The Synopsys Cybersecurity Research Center (CyRC):
- Latest AppSec trends and challenges
- Findings from “black box” and “gray box” testing
- A brief overview of best practices to address the latest AppSec challenges
What I Learned:
- Trends in the AppSec and Cybersecurity industries:
- Macro-Level Trends = DevOps Security, Cloud Migration, Risk Management, Software Supply Chain
- Micro-Level Trends
- BSIMM13 (a framework that measures the maturity of a software security program, e.g. measure your cloud security activities and benchmark them against industry peers), integrating security tooling into CI/CD pipelines, supply chain disruptions, expanding software security beyond apps and products
- Software Vulnerability Snapshot
- lower-risk vulnerabilities can still be exploited; third-party libraries often contain dangerous vulnerabilities
- A software Bill of Materials (SBOM) is indispensable to manage supply chain risk
- Applications remain the most common attack vector:
- Software vulnerability exploit, Supply Chain/third-party breach, Web Application exploit (SQLi, XSS, RFI), Phishing, etc.
- Top Vulnerabilities:
- Weak SSL/TLS Configuration, Missing Content-Security-Policy Header, Verbose Server Banner, HTTP Strict Transport Security (HSTS) Not Implemented, Cacheable HTTPS Content, Insecure Content-Security-Policy Header, Weak Password Policy, etc.
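Several of the top vulnerabilities in that list (missing or insecure Content-Security-Policy, HSTS not implemented, verbose server banner, cacheable HTTPS content) are visible in a single HTTP response's headers, which is why "black box" scanners report them so often. The script below is an added example, not code from the webinar or from Synopsys: it audits a response's headers for those four classes of finding. The header sets and the finding identifiers are constructed for the example; the HSTS minimum max-age of six months is an assumption taken from common hardening guidance. Weak TLS configuration and weak password policy are not observable from headers and are out of scope here.

```python
"""Audit an HTTP response's security headers for the misconfigurations
named in the webinar notes (CSP, HSTS, server banner, cacheable HTTPS content).

Header names are matched case-insensitively, as HTTP requires.
The sample headers below are constructed for this example, not captured from any site.
"""
import re
from typing import Dict, List

# Source expressions that make a CSP ineffective against script injection.
_RISKY_CSP_SOURCES = ("'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:")

# Roughly six months, the minimum max-age commonly recommended for HSTS (assumption).
_MIN_HSTS_MAX_AGE = 15552000


def _lower_keys(headers: Dict[str, str]) -> Dict[str, str]:
    return {k.lower(): v for k, v in headers.items()}


def _csp_directive(csp: str, name: str) -> List[str]:
    """Return the source list of one CSP directive, or [] if it is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == name:
            return parts[1:]
    return []


def audit_headers(headers: Dict[str, str], https: bool = True) -> List[str]:
    """Return a sorted list of finding identifiers for one response."""
    h = _lower_keys(headers)
    findings = []

    # Content-Security-Policy: missing entirely, or present but permissive.
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing-csp")
    else:
        # script-src falls back to default-src when it is not set explicitly.
        script_src = _csp_directive(csp, "script-src") or _csp_directive(csp, "default-src")
        if not script_src or any(src.lower() in _RISKY_CSP_SOURCES for src in script_src):
            findings.append("insecure-csp")

    # Verbose server banner: a product name that also discloses a version number.
    server = h.get("server", "")
    if re.search(r"\d+\.\d+", server):
        findings.append("verbose-server-banner")

    if https:
        # HSTS: absent, or max-age too short to protect returning visitors.
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append("hsts-not-implemented")
        else:
            m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
            if m is None or int(m.group(1)) < _MIN_HSTS_MAX_AGE:
                findings.append("hsts-max-age-too-short")

        # Cacheable HTTPS content: nothing in Cache-Control stops shared or disk caching.
        cache_control = h.get("cache-control", "").lower()
        if "no-store" not in cache_control and "private" not in cache_control:
            findings.append("cacheable-https-content")

    return sorted(findings)


# Constructed sample: a response showing the weak configuration ...
WEAK_RESPONSE = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
}

# ... and the same response after hardening.
HARDENED_RESPONSE = {
    "Server": "Apache",
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Cache-Control": "no-store",
}

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_headers(response) or ['no findings']}")
```

Running the script prints four findings for the weak response and none for the hardened one. The check is deliberately conservative: a CSP whose effective script-src contains any of the risky source expressions is flagged even if other directives are strict, because that is the directive an injected script would exploit.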
- Risk Management:
- Automated tests cannot find all vulnerabilities, nor 100% of the flaws in design, coding and configuration
- Optimal risk management requires: design
- Hackers look for running applications and the latest vulnerabilities to compromise your systems
- How the activity relates to coursework or your career goals:
- I am interested in learning more about Cybersecurity and am excited to take MIS4596 Managing Enterprise Cybersecurity next year.