
HCLSoftware: Fueling the Digital+ Economy


In this era of digital transformation, vast amounts of information are available to people and organizations worldwide, almost instantly with a click or swipe. It is worth pausing to consider the security features behind the increasing number of web applications that are allowing this all to happen. What happens if private information leaks, money is stolen, or a cyber virus attacks and all information is lost?

These are the questions that leading organizations are considering when developing the applications they need to maintain their edge in a competitive economy. What are the potential risks and vulnerabilities in these applications, and how can development teams find and address them early on before they are released to minimize the need for more costly fixes when systems are breached?

API security is fast becoming a critical tool in overall application security, as a growing percentage of cyber attacks has been focused on vulnerabilities associated with how this interface interacts with a wide array of open-source and third-party integrations.

According to Forrester research, 53% of breaches from external attacks are attributed to the application and the application layer.* When organizations were asked which security practice they were incorporating into their customer-facing applications, most mentioned software composition analysis (SCA), which identifies open-source components being used in software and alerts developers to any known vulnerabilities in those components.

SCA is increasingly being integrated into the existing development lifecycle alongside SAST (static application security testing). Colin Bell, HCL AppScan CTO at HCLSoftware, says API security also has a part in software supply chain security, with IAST playing a growing role, encompassing parts of SCA as well. Supply chain is more a process than it is necessarily any feature of a product.*

Together, these tools provide developers with better feedback and enable them to catch more vulnerabilities in their codebase at even earlier stages in the process. All of this reduces the need for costly fixes down the road.

Effective triage and remediation during the development lifecycle are hot topics in the industry. Auto-remediation is increasingly being looked at as the next big step in helping software engineers reduce the manual work in not only finding vulnerabilities but automatically fixing them as well.

All this is to make the point that API security and related security testing around open-source and third-party components are now priorities for security developers. They are more carefully considering which APIs exist within their platform prior to release. They are adopting a more DevSecOps approach to ensure all aspects of the APIs and related open-source components are tested early in the development process. And the interest in auto-remediation is increasingly leading to discussions around artificial intelligence (AI) and machine learning, and how these powerful tools can improve program offerings that enable greater cloud security, governance, and overall risk management.

Organizations that are putting this all together have a pretty fierce application security platform to boast about.

HCL Software Customer Experience Executive, Robert Cuddy, predicts that five or 10 years down the road, you will ask AI to generate an application according to the data input and prompts it is given. And the AI will write code, but it’ll be the most efficient, machine-to-machine code that humans might not even understand.*

SDTimes shares a more detailed account of The Importance of Security Testing in their latest feature covering all things API, security testing and how application security software’s past is shaping the future to become a more risk-averse and technology-forward industry.

* taken from The Importance of Security Testing 
