Top 5 application security takeaways from the RSA 2022 conference


The RSA Conference 2022 took place from June 6th to 8th, 2022, in person at the Moscone Convention Center in San Francisco. After a year-long hiatus due to Covid, the conference was back, stronger and well-timed to address recent developments. With the industry focused on software supply chain attacks, here are five key application security takeaways from this year’s RSA conference:

  1. Application security and attacks on the software supply chain dominated industry attention – In the last eighteen months, there has been a huge increase in breaches related to the software supply chain. After incidents like SolarWinds, the Kaseya attack, Colonial Pipeline and many others, newer attacks followed, such as Log4j and the Lapsus$ attacks affecting Samsung, Nvidia, Microsoft, Heroku, Travis CI and many more.
  2. The RSA conference has made application security a key focus area for program sessions – During the three days from June 6th to 8th, DevSecOps and Software Integrity accounted for over 40 major track sessions and sandbox sessions, in addition to all other product segments, with subcategories of Application Security, Open Source Security, Container Security, and Cloud Security.
  3. Organizations are asking who is responsible for application security. Is it the development team or the security team? At this year’s RSA conference, there were segment-specific sandbox areas, one of which was application security. One of the most important presentations was “Spreading Application Security Ownership Across the Entire Organization”. With the growing need for application security, this session sought to answer questions such as “Who is responsible for application security and code security in the organization?” Job titles such as Application Security Engineer or Product Security Engineer, whether in development or security teams, are an indication that organizations take code security seriously.
  4. Big-box security vendors have added or expanded application security and software supply chain security offerings in their solution portfolios. Vendors like Palo Alto Networks, Rapid7, Microsoft, Google, Amazon Cloud, Elastic Cloud, etc. have added application security as well as API security features.
  5. Code security solutions are a growing category – Secure code review, open-source code security, software composition analysis, and software bill of materials are adjacent categories of tools that are being added alongside SAST and DAST tools. Infrastructure as Code (IaC) has seen tremendous growth as companies seek to automate the tedious task of manually configuring their applications in the cloud.

What’s new in BluBracket?


In the week leading up to the RSA Conference 2022, BluBracket rolled out major enhancements to its cloud-based code security platform to address high-risk content in code, including secrets in code, code leaks, access governance risks and the presence of PII, to name just a few. Highlights included the ability to consolidate risks inherent in internally developed source code included in Git repos and combine them with external dependency risks from tools like Snyk and others. This provides an unprecedented consolidated view of code risk. Additional features include predefined open-source recipes for BluBracket’s CLI tool, making it easier for developers and AppSec engineers to check for risks in Confluence, S3 buckets, and log files in addition to source code.

For more information on BluBracket’s code security solution, click here.

*** This is a syndicated blog from Security Bloggers Network BluBracket: Code Security & Secret Detection written by Pan Kamal. Read the original post at: https://blubracket.com/rsa-conference-2022-roundup-offers-a-lot-to-praktikers-of-devsecops-and-application-security/
