SD Elements--A Solution To The Web App Security Conundrum

Feb 14 2014, 11:10am CST | by , in News | Technology News


The idea of web applications seems timeless: web apps have been around for a couple of decades already, and yet we still keep hearing about security vulnerabilities in applications. Indeed the OWASP Top 10, a security group’s listing of the top web app flaws, hasn’t changed much in the past decade. The emergence of mobile applications has only heightened the issues developers face. Balancing time-to-market (in part bolstered by Eric Ries and his “lean methodology” and “minimum viable product” mantras), functionality and security is difficult, and security often misses out as developers take a “how bad can it be” approach. According to a recent study:

  • 48% of mobile applications are vulnerable to unauthorized access
  • 37% contain sensitive information disclosures
  • 33% are vulnerable to cross-site scripting attacks
  • 26% use improper encryption

Damning statistics and ones which aren’t surprising when one considers that developers aren’t generally security specialists (and, conversely, security experts tend not to think or talk like developers).

This is where SD Elements comes in – the company offers a “security prescription” that development teams can use. The developers don’t need to know security; the tool does it for them. Essentially SD Elements guides developers through the build process and incorporates security protection into the app from the beginning. Here’s how it works:

  • Step 1 – Developers answer a short questionnaire about the app they’re developing. This helps determine the type of features it will include and the risk set that is relevant to the app
  • Step 2 – After completing the survey, SD Elements runs an automated risk analysis that brings up every potential vulnerability that may be an issue for the app. SD Elements has the most comprehensive list of software security requirements currently available on the market – and the automated search takes 15 minutes
  • Step 3 – SD Elements can be merged into the existing Application Lifecycle Management tools to make the secure coding process seamlessly fit into the regular development cycle
  • Step 4 – Using SD Elements, developers are guided step-by-step through the process of remediating risks/flaws as they develop the app, and adding in layers of additional protection. The tool prioritizes tasks and offers very clear guidance (including code samples, embedded training, etc.) for how to implement security. SD Elements also allows the developer to test as they go
  • Step 5 – To verify that security is in place, developers can run the app through several popular security scanning products

It’s an interesting approach – instead of using either a pre-configured software security requirement list or an after-the-fact automated scanning tool, SD Elements works alongside the development process, at the same time. It’s also a dynamic tool, taking into account newly found vulnerabilities and approaches to security. It’s also compatible with existing scanning products, so it sits nicely in the web app security lifecycle process.

Of course, in an ideal world a development environment would edit code on-the-fly to include robust security, but development environments tend to be relatively static, while security tools have to be dynamic to react to the ever-changing security landscape.

SD Elements is an interesting approach; if using it means there is less likelihood of vulnerable applications hitting the market, it’s a positive addition to the host of tools that developers have in their toolbox.

Source: Forbes

 
