SD Elements--A Solution To The Web App Security Conundrum

Feb 14 2014, 11:10am CST | by , in News | Technology News

The idea of web applications seems timeless: web apps have been around for a couple of decades already, and yet we still keep hearing about security vulnerabilities in applications. Indeed the OWASP Top 10, a security group’s listing of the top web app flaws, hasn’t changed much in the past decade. The emergence of mobile applications has only heightened the issues developers face. Balancing time-to-market (in part bolstered by Eric Ries and his “lean methodology” and “minimum viable product” mantras), functionality and security is difficult. Often security misses out as developers take a “how bad can it be” approach. According to a recent study:

  • 48% of mobile applications are vulnerable to unauthorized access
  • 37% contain sensitive information disclosures
  • 33% are vulnerable to cross-site scripting attacks
  • 26% use improper encryption

Damning statistics and ones which aren’t surprising when one considers that developers aren’t generally security specialists (and, conversely, security experts tend not to think or talk like developers).

This is where SD Elements comes in – the company offers a “security prescription” that development teams can use. The developers don’t need to know security, the tool does it for them. Essentially SD Elements guides developers through the build process and incorporates security protection into the app from the beginning. Here’s how it works:

  • Step 1 – Developers answer a short questionnaire about the app they’re developing. This helps determine the type of features it will include and the risk set that is relevant to the app
  • Step 2 – After completing the survey, SD Elements runs an automated risk analysis that brings up every potential vulnerability that may be an issue for the app. SD Elements has the most comprehensive list of software security requirements currently available on the market – and the automated search takes 15 minutes
  • Step 3 – SD Elements can be merged into the existing Application Lifecycle Management tools to make the secure coding process seamlessly fit into the regular development cycle
  • Step 4 – Using SD Elements, developers are guided step-by-step through the process of remediating risks/flaws as they develop the app, and adding in layers of additional protection. The tool prioritizes tasks and offers very clear guidance (including code samples, embedded training, etc.) for how to implement security. SD Elements also allows the developer to test as they go
  • Step 5 – To verify that security is in place, developers can run the app through several popular security scanning products

It’s an interesting approach – instead of using either a pre-configured software security requirement list, or an after-the-fact automated scanning tool, SD Elements works alongside and at the same time as the development process. It’s also a dynamic tool, taking into account newly found vulnerabilities and approaches to security. It’s also compatible with existing scanning products, so it sits nicely in the web app security lifecycle process.

Of course, in an ideal world a development environment would edit code on-the-fly to include robust security, but development environments tend to be relatively static, while security tools have to be dynamic to react to the ever-changing security landscape.

SD Elements is an interesting approach: if using it means there is less likelihood of vulnerable applications hitting the market, it’s a positive addition to the host of tools that developers have in their toolbox.

Source: Forbes

 
