HCLSoftware: Fueling the Digital+ Economy


In this era of digital transformation, vast amounts of information are available to people and organizations worldwide, almost instantly, with a click or swipe. It is worth pausing to consider the security features behind the increasing number of web applications that allow this all to happen. What happens if private information leaks, money is stolen, or a cyber virus attacks and all information is lost?

These are the questions that leading organizations are considering when developing the applications they need to maintain their edge in a competitive economy. What are the potential risks and vulnerabilities in these applications, and how can development teams find and address them early, before the applications are released, to minimize the need for more costly fixes when systems are breached?

API security is fast becoming a critical tool in overall application security, as a growing percentage of cyber attacks have focused on vulnerabilities associated with how this interface interacts with a wide array of open-source and third-party integrations.

According to Forrester research, 53% of breaches from external attacks are attributed to the application and the application layer.* When organizations were asked which security practice they were incorporating into their customer-facing applications, most mentioned software composition analysis (SCA), which identifies open-source components being used in software and alerts developers to any known vulnerabilities in those components.

SCA is increasingly being integrated into the existing development lifecycle alongside static application security testing (SAST). Colin Bell, HCL AppScan CTO at HCLSoftware, says API security also has a part in software supply chain security, with IAST playing a growing role, encompassing parts of SCA as well. Supply chain is more a process than it is necessarily any feature of a product.*

Together, these tools provide developers with better feedback and enable them to catch more vulnerabilities in their codebase at even earlier stages in the process. All of this reduces the need for costly fixes down the road.

Effective triage and remediation during the development lifecycle are hot topics in the industry. Auto-remediation is increasingly being looked at as the next big step in helping software engineers reduce the manual work in not only finding vulnerabilities but automatically fixing them as well.

All this is to make the point that API security and related security testing around open-source and third-party components are now priorities for security developers. They are more carefully considering which APIs exist within their platform prior to release. They are adopting a more DevSecOps approach to ensure all aspects of the APIs and related open-source components are tested early in the development process. And the interest in auto-remediation is increasingly leading to discussions around artificial intelligence (AI) and machine learning, and how these powerful tools can improve program offerings that enable greater cloud security, governance, and overall risk management.

Organizations that are putting this all together have a pretty fierce application security platform to boast about.

HCLSoftware Customer Experience Executive, Robert Cuddy, predicts that five or 10 years down the road, you will ask AI to generate an application according to the data input and prompts it is given. And the AI will write code, but it’ll be the most efficient, machine-to-machine code that humans might not even understand.*

SDTimes shares a more detailed account of The Importance of Security Testing in their latest feature covering all things API, security testing and how application security software’s past is shaping the future to become a more risk-averse and technology-forward industry.

* taken from The Importance of Security Testing 
