1 Why we need application security
This chapter covers

  • The current state of application security
  • Going right or going left
  • Breaches caused by insecure applications
  • The cost of inaction

Every company uses software to function. Whether it is a Fortune 500 technology company or a sole-proprietor landscaping company, software is integral to businesses large and small. Software provides a means to track employees, customers, inventory, and scheduling. Data moves through a myriad of systems, networks, and applications, providing insights to businesses looking to stay competitive. Some of that software is built within the organization; some is purchased and integrated. Either way, it enables organizations to move quickly and stay ahead of their competition. In the United States, the use of software across industries, including finance, sales, human resources, and supply chains, has grown steadily, and the trend is continuing: over the next decade, the market size of software in these industries is expected to keep increasing. For instance, in 2020, the market size of global business software and services was nearly $390 billion, and it is expected to grow at an annual rate of 11% from 2021 to 2028. This expansion is driven by the increasing need for automation and processing solutions in nearly every sector of the economy.

1.1 The role of an application security program

1.1.1 Software from concept to production

1.1.2 Where does application security fit?

1.2 The current state of application security

1.3 Why building security in is challenging

1.3.1 Trying to protect at runtime

1.3.2 Getting output from tools is not enough

1.3.3 Sifting signal from noise in security tools

1.4 Shifting right vs. shifting left in development

1.4.1 Shifting right in the development life cycle

1.4.2 Shifting right fails

1.4.3 Shifting left in the development life cycle

1.4.4 Shifting left fails