Greg Sternberg—IT Strategist at EVOTEK—started out as a geophysical engineer before moving into application development. His curiosity about how code works eventually led him to specialization in application security.
A lot of today’s cyberattack strategies are new. Developers now need to consider not only what a user might do with an application, but also how a malicious person or malware code might exploit it. Not only have attacks become more sophisticated, there’s also a much broader application attack surface to protect. With more reliance on open-source components, the total lines of code in any given application have mushroomed. And code is now everywhere—in the everyday products that surround us at home, work, our cars, and much more.
When it comes to modern security, it’s not just about the applications themselves but the demands placed on developers by business leaders. Application development is expected to happen at the speed of business—as fast as possible. The adoption of DevOps and Agile accelerate development and testing cycles to increase the frequency and volume of application code being written and released. But security testing using traditional application security models in these environments becomes a stumbling block—slowing down processes by sending vulnerabilities found in testing back to developers to be fixed, and without necessary context.
For more detail, listen to the Inside AppSec podcast interview with Greg Sternberg.
This post is sponsored by Contrast Security