IaC – A Potential Source of Vulnerabilities, or an Opportunity for More Secure Infrastructure?
Last month, ICIT sponsored an online panel discussion featuring a number of application development and cybersecurity experts from across industry, the federal government, and the Department of Defense. This panel discussion focused on two new security vectors that have arisen as application development practices and technologies have evolved – infrastructure as code (IaC) and APIs.
Five Reasons Why Agencies are Choosing SAST Over WAF
Article originally posted by the GovDevSecOpsHub here.
Today’s Application Security (AppSec) measures focus on protecting web applications. These measures include methods of preventing data or code within the application from being compromised or hijacked. AppSec is an essential part of the Software Development Life Cycle (SDLC) and ensuring that applications are secured must be a top priority in today’s ever-evolving and expanding digital landscape.
Six Ways AST Keeps Digital Citizen Services Secure
Article originally posted to the GovDevSecOpsHub here.
When in-person processes became impossible during the pandemic, the extent to which public sector services relied on them became apparent. Town halls, municipal offices, schools, and colleges were forced to close their doors to the public, and the need to provide digital alternatives to citizen services so that constituents could continue to access them became clear.
From “Trust but Verify” to “Never Trust” – The Importance of AST in Application Development
In our last article on the GovDevSecOpsHub, we sat down with Peter Archibald, the Regional Sales Manager for DoD and FSI sales at Checkmarx, and Jeff Ingram, a DoD Regional Sales Manager at Checkmarx, to discuss the inclusion of the company’s application security testing (AST) solution in Platform One’s Iron Bank.
Raise the AppSec Bar in Federal Government: Train Developers to Code Securely
Federal agencies are developing and releasing software and apps at a rapid speed. This haste comes at a price. Verizon reports that nearly 70% of the data breaches it investigated in 2019 were due to attackers targeting vulnerabilities in public-facing web applications. It also introduces compliance risk.