Colombia. Security in the use of applications is one of the concerns that is most manifested by entrepreneurs due to the risks sometimes represented by access and use of these computer tools.
Therefore, the A3SEC Group, an expert in cybersecurity, has become an important ally for companies in the public and private sector; made known the new trends of security integration, in the development of secure code, in an efficient way; reducing the interaction gap between the development team and the security team.
The director of A3SEC's Mexico office, Israel Gutierrez, noted that in order to have a threat-free environment, it is necessary to secure applications by searching, remediating and preventing security vulnerabilities. He said that we must reduce risks and improve the operation of authentication, encryption and auditing, in order to integrate defense mechanisms into corporate security.
The executive assured that 80% of computer attacks are against applications and of these 30% are successful, so quick and timely action is required by developers to protect applications in case of an attack. "Protection should be part of a process and not an extra function in the development of applications," he said.
He pointed out that several tools such as SATS, which is static analysis, DAST, dynamic analysis and IAST, which is interactive analysis, are used to detect attacks and defend their applications.
For his part, Ronen Riesenfeld, Security Engineer in Checkmarx LATAM Applications, said that it is necessary to act in time and quickly to prevent attacks from having negative effects on the security of corporations. He said that to reduce vulnerability you have to build security competence in developers, make them participate in the value of security and understand that this is a commitment of all.
Riesenfeld noted that important challenges to develop defenses, including rapid release, process compliance, improving staff skills, reducing time and costs through developer empowerment.
For the expert, the ideal is that the development of security aspects in applications occurs within the construction cycle, in order to prevent possible attacks or deal with them in a timely manner in case they occur.
For Gutiérrez, through DevSecOps the development of applications and their implementation is improved and it can be ensured that it has 5 times fewer failures than its counterparts, which makes it more effective when it comes to security, since it recovers failures 96 times faster.
He pointed out that through this mechanism there is a much faster process with less risk and stressed that the culture of safe development must be part of the whole process. "We must have solutions to integrate them more naturally into the security process," Gutierrez said.
When making a demonstration, Riesenfeld pointed out that when performing a scan of the applications, it is possible to incorporate security or quality rules of each company, which allows greater integration.
He highlighted how the scan can be scheduled to be carried out at times when there is less volume of work and in this way go through the entire application, detect where the vulnerability is and how to solve it. If there are several you can proceed in the same way, which saves time and money.
