Libin Joseph

Sydney, Australia


Software Consultant, Open-Source Enthusiast and Trainer


Security - A forgotten tale in SDLC

Maintaining security is a challenge for any business or organisation around the world. As attacks grow more sophisticated, so must the defence. This makes our daily work challenging: as developers we not only have to deliver business requirements but also have to build defences against these vulnerabilities.

Security has mostly been an afterthought for software engineering teams, but things are changing with the growing number of cyber-attacks. With most companies opting for the cloud, attackers often prefer to use software vulnerabilities as the key to our systems rather than network vulnerabilities, since the network layer is mostly well built and hardened by cloud vendors.

Application Security vs Software Security

Typically, cyber security teams are empowered with tools to work on application security, and it’s a very common practice these days. Application security looks for vulnerabilities after the software is deployed into the production environment. It can be challenging for the development team to immediately address some of these vulnerabilities, as doing so can involve a lot of rewriting of code and re-testing.

The industry has identified this gap and introduced “devsecops”, often called “shift left”. Devsecops is a practice where we integrate security tools into the development phase to identify vulnerabilities early, allowing developers to fix them immediately. This is far less disruptive, and we see a lot of teams adopting it these days.

Devsecops, used in conjunction with existing application security tools, has a much better chance of success than either approach on its own.

In the next article, we will look more into devsecops.