Dev is almost done. The champagne is ready, and the search for last minute vacation deals is underway. The new code is checked into GitHub. Jenkins gets to work. CodeBuild and CodeDeploy standup the new app in the cloud. World domination begins…until Sec shows up and asks a question that kills all hopes and dreams: “Hey, is the new app ready? I need to do some testing and create the security policy.”

Sounds familiar, right? Dev teams continuously push the boundaries of innovation, embracing groundbreaking tech like cloud-native and open source to literally change the world with cool apps. Thanks Dev!

But is the app secure? Will it be the key competitive advantage and maximize business outcomes, or will it lead to an embarrassing breach? Do your cloud providers provide effective security? What’s the risk to the business if the answer to any of these is the wrong one?

IS THE RISK ACCEPTABLE?

A risk-based approach is common in the security world. While new tech and new functionality are cool, they are unproven—and therefore, risky.

Application vulnerabilities can happen every time code is added or updated. Every time a new module is used, or a new feature is created, you expand the threat surface that bad actors continuously try to exploit. Sometimes that risk is unacceptable to security teams.
 

Application vulnerabilities can happen every time code is added or updated. Every time a new module is used, or a new feature is created, you expand the threat surface that bad actors continuously try to exploit. Sometimes that risk is unacceptable to security teams.

For example, F5 Labs has identified threats that leverage automation to discover hosts on the Internet that may be susceptible to open source software vulnerabilities, namely CVE-2011-4107 and CVE-2013-3241, in the pervasive PHP open source software. These injection attacks look to exploit weak authentication portals and/or outdated MySQL databases to setup further attacks and/or steal sensitive information.

Although these vulnerabilities have long been mitigated, the fact that bad actors still search for them as part of their attack arsenal underscores the importance of securely leveraging open source software. Don’t let your super cool app be exploited by an age old PHP vulnerability!

The question is, how can Dev and Sec both keep doing their jobs, without slowing down or killing production?

SECURITY AT THE SPEED OF DEVELOPMENT

Well, what if security could be deployed with the app—in the same time it takes for the CI/CD pipeline to automate the build and deploy the app into the cloud? That sounds like a win-win.

Essential App Protect deploys fast, so you don’t get hacked. Within minutes, your app has comprehensive protection from application vulnerabilities and emerging threat campaigns that often lead to devastating data breaches. Your cool app goes live, changes the world, and the security team thanks you for effectively managing risk. You’ve become a hero in the same amount of time it took to read this blog post.

So hey, pop the champagne and take that trip. You deserve it.  

See how you can integrate security into your app in less than 5 minutes. Try Essential App Protect today.