

SD Elements--A Solution To The Web App Security Conundrum

Feb 14 2014, 11:10am CST | by


The idea of web applications seems timeless. Web apps have been around for a couple of decades already, and yet we still keep hearing about security vulnerabilities in applications. Indeed the OWASP Top 10, a security group’s listing of the top web app flaws, hasn’t changed much in the past decade. The emergence of mobile applications has only heightened the issues developers face. Balancing time-to-market (in part bolstered by Eric Ries and his “lean methodology” and “minimum viable product” mantras), functionality and security is a difficult act. Often security misses out as developers take a “how bad can it be” approach. According to a recent study:

  • 48% of mobile applications are vulnerable to unauthorized access
  • 37% contain sensitive information disclosures
  • 33% are vulnerable to cross-site scripting attacks
  • 26% use improper encryption

Damning statistics and ones which aren’t surprising when one considers that developers aren’t generally security specialists (and, conversely, security experts tend not to think or talk like developers).

This is where SD Elements comes in – the company offers a “security prescription” that development teams can use. The developers don’t need to know security; the tool does it for them. Essentially SD Elements guides developers through the build process and incorporates security protection into the app from the beginning. Here’s how it works:

  • Step 1 – Developers answer a short questionnaire about the app they’re developing. This helps determine the type of features it will include and the risk set that is relevant to the app
  • Step 2 – After completing the survey, SD Elements runs an automated risk analysis that brings up every potential vulnerability that may be an issue for the app. SD Elements has the most comprehensive list of software security requirements currently available on the market – and the automated search takes 15 minutes
  • Step 3 – SD Elements can be merged into the existing Application Lifecycle Management tools to make the secure coding process seamlessly fit into the regular development cycle
  • Step 4 – Using SD Elements, developers are guided step-by-step through the process of remediating risks/flaws as they develop the app, and adding in layers of additional protection. The tool prioritizes tasks and offers very clear guidance (including code samples, embedded training, etc.) for how to implement security. SD Elements also allows the developer to test as they go
  • Step 5 – To verify that security is in place, developers can run the app through several popular security scanning products

It’s an interesting approach – instead of using either a pre-configured software security requirement list, or an after-the-fact automated scanning tool, SD Elements works alongside and at the same time as the development process. It’s also a dynamic tool, taking into account newly found vulnerabilities and approaches to security. It’s also compatible with existing scanning products, so it sits nicely in the web app security lifecycle process.

Of course, in an ideal world a development environment would edit code on-the-fly to include robust security, but development environments tend to be relatively static, while security tools have to be dynamic to react to the ever-changing security landscape.

SD Elements is an interesting approach. If using it means there is less likelihood of vulnerable applications hitting the market, it’s a positive addition to the host of tools that developers have in their toolbox.

Source: Forbes

