HackerSecret.com - The Most Authoritative Site in the World on the Hacking Tools and Techniques, Penetration Testing and CyberSecurity


Developer Dilemma: Where Does the Security Knowledge Gap Come From, and How Do We Fix It?

by / Friday, 14 June 2019 / Published in Hacking

Best ways to help developers code more securely

When a security-related defect is found in code, it’s easy for security teams to jump to conclusions and place the blame on the developers. However, security teams need to change their approach to this issue and start understanding why there is a gap in developers’ security knowledge. Furthermore, how can we overcome that hurdle and provide our developers the tools they need to produce secure software from the start of the coding process?

Recently, Forrester’s Amy DeMartine and Trevor Lyness put together a report, “Show, Don’t Tell, Your Developers How To Write Secure Code,” to demonstrate how to use application security testing to educate developers.

Where Does the Knowledge Gap Come From?

There are several reasons why developers lack security knowledge; one significant reason is that application security is not taught in school. Forrester looked at the top 40 computer science programs and found that “none of the top ranked computer science programs in the United States require a class about secure coding or secure application design.” Furthermore, general cybersecurity is offered as an option, rather than as a priority, in many schools. Only one school out of the top 40 requires a general cybersecurity course to obtain a degree in computer science.

Not only is formal cybersecurity education lacking, there is also a general unawareness of application security trends, for instance the use of open source components with known vulnerabilities. There’s no doubt about it: open source code is a huge time-saver for developers, and we live in a world where time is money. Rapidly releasing software can be a large competitive advantage for businesses across many industries, and open source components save coders a great deal of time. Unfortunately, many developers don’t realize that open source components carry vulnerabilities like any other code, and that a known flaw in a dependency exposes every application that ships it, and with it the entire organization. That’s where security professionals come in: they need to work with developers to ensure they have the knowledge and resources they need to code securely.

When you consider the widespread lack of formal cybersecurity education, paired with a general unfamiliarity of application security trends, it’s no wonder that many development teams are flying blind when it comes to software security.

How Can We Help Developers?

Forrester puts it best when they say, “With the right practices and technology in place, you can encourage and enforce secure coding practices and developer accountability without sacrificing speed or quality.” Many application security solutions today educate developers on the job. Forrester emphasizes the importance of choosing a tool with brief training modules that integrate directly into the testing tools developers already use.

Another important tool to equip your developers with is a software composition analysis (SCA) tool. Developers aren’t going to stop using open source components any time soon, so it’s crucial that they stay on top of the most recently disclosed open source vulnerabilities. If they happen to be using an affected version of a vulnerable library, it could mean bad news for your organization when an attacker attempts to exploit it. Veracode Software Composition Analysis alerts your developers when new vulnerabilities are published and tells them whether their application uses the affected component and version, so they can remediate as soon as possible. Any SCA tool is only as accurate as the dependency inventory it sees, so pinned versions or a lock file that covers transitive dependencies matter as much as the advisory feed.
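The core of what an SCA tool does, as an added illustration that is not Veracode’s product or any real advisory feed: read the pinned dependencies an application declares, normalize the package names, and compare each pinned version numerically against the affected range of every advisory. The requirements file and the advisory records below are constructed for this example; the package names and `EX-` identifiers are hypothetical.

```python
"""Minimal software-composition-analysis (SCA) check.

Added example, not code from the original post or from Veracode. All package
names, versions and advisory identifiers are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    """One vulnerability record. IDs and packages here are hypothetical."""
    advisory_id: str
    package: str            # normalized package name
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix yet
    summary: str


def normalize_name(name: str) -> str:
    """PEP 503-style normalization so 'Acme_Parser' and 'acme-parser' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.10.2' into (1, 10, 2); comparison must be numeric, not lexical."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_lt(a: str, b: str) -> bool:
    """True if a < b; pads with zeros so '1.4' equals '1.4.0' instead of sorting below it."""
    x, y = parse_version(a), parse_version(b)
    n = max(len(x), len(y))
    return x + (0,) * (n - len(x)) < y + (0,) * (n - len(y))


def version_in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Affected iff introduced <= version < fixed (or version >= introduced when unfixed)."""
    if version_lt(version, introduced):
        return False
    return fixed is None or version_lt(version, fixed)


# Only exact '==' pins are matched: a ranged or unpinned specifier does not say
# which version is actually installed, which is why a lock file matters.
_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)")


def parse_requirements(text: str) -> dict[str, str]:
    """Return {normalized_name: pinned_version}, ignoring comments and blank lines."""
    pins: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _PIN.match(line)
        if m:
            pins[normalize_name(m.group(1))] = m.group(2)
    return pins


def find_vulnerable(pins: dict[str, str],
                    advisories: list[Advisory]) -> list[tuple[str, str, str, Optional[str]]]:
    """Return (advisory_id, package, installed_version, fixed_version) for every match."""
    findings = []
    for adv in advisories:
        installed = pins.get(adv.package)
        if installed is not None and version_in_range(installed, adv.introduced, adv.fixed):
            findings.append((adv.advisory_id, adv.package, installed, adv.fixed))
    return findings


# Constructed sample input: a requirements.txt and an advisory feed made up for this example.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
Acme_Parser==2.3.1
safe-lib==0.9.0
tls-helper==1.4        # short form of 1.4.0
widgets==3.0.0
requests>=2.0          # not an exact pin: skipped
"""

SAMPLE_ADVISORIES = [
    Advisory("EX-0001", "acme-parser", "2.0.0", "2.4.0", "deserialization of untrusted input"),
    Advisory("EX-0002", "tls-helper", "1.0", "1.4.0", "certificate validation bypass"),
    Advisory("EX-0003", "widgets", "3.0.0", None, "no fixed release yet"),
    Advisory("EX-0004", "safe-lib", "1.0.0", "1.0.3", "only 1.0.x is affected"),
]


def scan(requirements_text: str,
         advisories: list[Advisory]) -> list[tuple[str, str, str, Optional[str]]]:
    """Parse the manifest and report every advisory whose range covers a pinned version."""
    return find_vulnerable(parse_requirements(requirements_text), advisories)


if __name__ == "__main__":
    for advisory_id, package, installed, fixed in scan(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES):
        action = f"upgrade to >= {fixed}" if fixed else "no fix available: mitigate or replace"
        print(f"{advisory_id}: {package}=={installed} is affected; {action}")
```

On the sample input the scan flags `acme-parser` 2.3.1 (inside the affected range, fix available) and `widgets` 3.0.0 (affected, no fix yet), and clears `tls-helper` 1.4 because the zero-padded comparison treats it as equal to the fixed version 1.4.0 rather than below it. A real tool also walks transitive dependencies from a lock file and refreshes the advisory list continuously; the matching logic is the same.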

Beyond tools, organizations can adopt practices like red team exercises that put developers in the role of an attacker. Learning offensive techniques changes their mindset: they start to think about how an attacker would try to break their code, and they carry that perspective into the applications they design later. Assigning developer security champions puts a security advocate on your product team without having to convince every developer individually to devote themselves to security. A security champion acts as a liaison between the security team and the developers and helps convey security priorities to their colleagues.

Developers are one of your first lines of defense against a potential cyberattack, and with applications among the most frequent attack vectors for companies, getting your development teams to code securely should be priority number one. Developers may be responsible for application security, but security professionals need to work with them actively and make sure they have the tools they need to do the job. Check out Forrester’s April 2019 report, “Show, Don’t Tell, Your Developers How To Write Secure Code,” and get on the path towards creating more secure code.


RSS | Veracode Blog

