
This is How Rapid AppSec Fills the Security Gap

DevSecOps Quick Start

Publish Date: Dec 10, 2019

Written by: Dave Howell

Tagged with: Rapid AppSec

Few would argue that application security isn’t a critical component of an overall cybersecurity strategy. Software is the heart of everything we do, in work and in our personal lives—and as a result, the role of software security has very real consequences on humans and their machines.

That said, application security isn’t easy, in part because doing it right means building a well-thought-through vulnerability scanning strategy, one that covers the entirety of the software development lifecycle. From code that developers build to open source components to containers to applications in production, there’s a lot of work to be done in terms of identifying issues that might put an application at risk.

Given this, it’s not surprising that security gaps exist. In fact, in a study ZeroNorth published in October, we shared data that shows most companies lack a comprehensive application security program. Some may use SCA, SAST, DAST or container scanning tools, but it is rare to find an organization that has more or all of these capabilities in place.

While the sporadic-scanning approach may be commonplace today, we see more and more companies looking to build a strategy aimed at driving continuous and comprehensive vulnerability scanning. These strategies are important and take time, primarily because evaluating, testing and onboarding new scanning tools cannot be done overnight.

If security gaps exist—and filling these gaps takes time—then what? To answer that question, today ZeroNorth launched a new solution for Rapid Application Security. Thanks to open source security scanning tools embedded directly within the ZeroNorth platform, companies can leverage new vulnerability discovery capabilities—and quickly. Since the tools are embedded within the platform, deployment and management of the tools are incredibly simple, too.

The value of the solution is that it enables customers to leverage open source security scanning tools today, while continuing to focus on the more rigorous evaluation of commercial tools as well. In other words, you can use the ZeroNorth solution for Rapid AppSec to quickly fill security gaps while a longer-term strategy—likely centered on commercial scan tool deployments—moves forward.

Specific open source tools delivered as part of the solution include:

  • OWASP Dependency Check (Recheck) for software composition analysis (SCA)
  • Bandit, Brakeman and SonarQube for static application security testing (SAST)
  • Aqua Trivy, Clair and Docker Content Trust for container security
  • OWASP ZAP for dynamic application security testing (DAST) of deployed web applications
  • Prowler, ScoutSuite and AWS Security Hub for AWS cloud security testing

If you’re building out a more robust application security strategy but need some stopgap measures as your commercial tool selection process moves forward, check out what ZeroNorth has to offer. We think there are some great capabilities you can deploy—quickly!—to help build and bolster your long-term security program. If you’d like to see our platform in action, feel free to request a demo.

