Chapter 14. Shifting Everywhere in Application Security
Sounil Yu
The Changing Landscape of Application Security
Marc Andreessen’s observation from a decade ago that “software is eating the world” perfectly captures the pivotal role software now plays in almost every organization’s success. In this age of rapid digital transformation, nearly every company is a software company, which drives a rapid expansion of the software attack surface and redefines the landscape for AppSec.
With software taking on such a prominent role, there’s a race to produce more of it and release it faster. From 2011 to 2014, Amazon went from deploying software every 11 seconds to more than one deployment per second.[1] Today, it’s safe to infer that the deployment cycle is nearly continuous. This breakneck pace not only produces a vast volume of software code but also creates security challenges, as the volume of code that must be inspected for vulnerabilities explodes.
The Traditional Shift Left Paradigm
To deal with these software vulnerabilities, the security community has rallied around the need to shift left, a strategy which, in health terms, is akin to preventing disease instead of treating it. By enforcing security-by-design principles before software is deployed, security flaws can be addressed early in the development phase, where they are cheaper and easier to fix than after release.
However, the shift left concept originally ...