Top 5 AppSec Productivity Hacks 2022


The application security (AppSec) industry moves fast. Development, security and operations (DevSecOps) practitioners are having to find creative approaches to drive productivity, efficiency and enhanced security across software development.

At Uleska, we speak to a lot of people who either simply don’t know where to start or who get caught up in processes that become difficult to scale.

So how can you scale DevSecOps as the business grows?

To help tackle this challenge, we asked our network of industry experts to share their top tips concerning ‘the job’ of application security, including:
  • Laura Bell, Co-Author of Agile Application Security, CEO at SafeStack Academy
  • Andrew Martin, Co-Author of Hacking Kubernetes, CEO at ControlPlane
  • Jamie MacDonald, Head of Security at Rasa
  • Robbie Tyrie, Application Security Lead at FNZ Group

In this article, which is the first of a series of blogs, we share the top five hacks that experienced DevSecOps practitioners have discovered over the years. Let’s dive in.

1. Curiosity is key to improving application security

“Curiosity is a superpower in application security. You don't have to be a penetration tester or weakness researcher - you need to be insatiably curious and creative. Be the person who asks "what if I did this?" and go find out - that's how cyber security flaws are found.”


2. Share AppSec scanning findings fast

“Raise findings from appsec scanning as early as possible in the CI process. Where possible, use things like IDE extensions to raise issues to devs as they write the code. The earlier devs receive these findings, the less they'll have to context switch and feel they've been interrupted.” 


3. Threat modelling isn’t just for application security

“Threat modelling a system generates an order of precedence for applying security controls, creating an impact-based list of defences that will tangibly increase an organisation's security. This is traditionally an application security practice, but extending it to infrastructure brings great benefits to a system before, during, and after its creation.”


4. Build a network of Security Champions

“Use ‘Security Champions’ as much as you can. You’ll find people within the development teams who are good at security and can support the roll out of security tools and processes, helping them to be successful. Champions help scale security beyond the security team, and can give great feedback on how things are actually going.”


5. Work/life balance leads to better application security

“Just like any job, don’t burn yourself out, take the weekends and vacations as you should. If the security of the company depends on you being there, doing things 24/7, then you're going to become a single point of failure in the process, and you’re going to fail. Look to set up processes and automation where you can, so you’re not on the critical path. That way you and the company will be better off.”


So, there we have it. The first Top Five AppSec Productivity Hacks of 2022. We look forward to tracking how the AppSec space matures over the next 12 months and we expect to see practitioners taking advantage of new ways of working with regard to culture, processes and tools. 

Interestingly, the majority of tips submitted so far are not only technical hacks but rather improvements of processes and softer skills within security and development teams. Similar to many disciplines within the security landscape, the need for refreshed processes, skills and collaboration is often a more important consideration than purely technical skills. 

We hope to continually collaborate with our network, tapping into this vast pool of expertise, to get a sense of how the application security landscape is evolving. We aim to highlight more hacks every quarter and we’d love to hear from you if you have any insights of your own.

Do you have any suggestions or tips around AppSec? If so, please email your contributions or ideas to Raquel at Uleska.


What is Uleska?

Uleska helps security and development teams manage application security at scale by automating and orchestrating their preferred security tools within CI/CD.

With Uleska, teams can confidently start an AppSec program using open-source, commercial, and custom tools and then quickly change, add or scale tools as the technology and business needs evolve. Uleska also brings speed and scale when integrating into development tools, and when reporting metrics and risk.

By bringing security, DevOps and development teams together, we help reduce manual tasks so application security takes less time and money, while also enabling scale. This allows teams to focus resources on the issues and metrics that matter. Interested? Find out more about us! 
