As new pieces of software are being written every day, the threat of malicious hacking continues to grow. According to a new report, there will be about 111 billion lines of new software code created this year, and with them will come billions of software vulnerabilities.
“Applications have become inviting targets for malicious actors, but securing those programs has proven to be challenging to both security teams and developers,” according to the report. “Too often, key vulnerabilities get buried in a blizzard of information created by tools unable to prioritize defects in software.”
According to Anita D’Amico, CEO of software security solution provider Code Dx, the challenge today is getting people to do things right from a security perspective. “In general terms, it means getting the workforce to comply with security processes,” she said. “With respect to application security it means getting the software developers and testers to recognize the need to find and fix application vulnerabilities early in the SDLC.”
To combat the ongoing software security problem, the 2017 Application Security Report suggests a new hybrid approach will have to be adopted that combines static application security testing and dynamic application security testing, as well as Runtime Application Self-Protection (RASP).
“RASP was created to protect applications under attack in real time, but, when combined with dynamic testing, it has proven to be useful in helping developers prioritize vulnerability findings,” the report stated. “That not only reduces the risk of an app making it to market with a major security defect but it accelerates the time it takes to put a secure app in a user’s hand.”
With this new approach to security, the report revealed the application security market should grow from US$2.24 billion in 2016 to $6.77 billion in 2021, outpacing the growth of cybersecurity.
“While we anticipate 12% to 15% year-over-year growth of the cybersecurity market through 2021, our synthesis of various research has led us to expect the application sector will grow by 16% to 18% during that period,” said Steven C. Morgan, founder and editor-in-chief of Cybersecurity Ventures, a research and market intelligence firm.
The report also finds that automation will become more critical in the coming year in order to scan the billions of lines of code and to detect and remediate flaws in a time-efficient manner.
“Software developers and testers can build security testing directly into their development environment,” said D’Amico. “They can make it a normal part of the development process, not a resource-intensive additional activity. A new breed of AppSec tools, called Application Correlation and Management Systems, embeds the source code testing tools into the integrated development environment, and interfaces with continuous build servers like Jenkins and with issue trackers like JIRA.”
The report was published by Cybersecurity Ventures and sponsored by Code Dx.
“Most people think of cybersecurity as related to networks. But there is a separate area that is specific to application or software security, which is growing rapidly but doesn’t get a lot of attention in the media,” said D’Amico. “We thought it was important for Cybersecurity Ventures to bring the growth of application security aka AppSec to the attention of the cybersecurity market.”