The Hardest Problem in Application Security – Application Security Weekly #23
One of the hardest problems that Application Security practitioners need to solve is the problem of visibility. Not only do they need to uncover all of the different projects under development - they also need to worry about what libraries and frameworks those projects are using.
The chief security officer of Trexin Consulting said in this episode of CISO Stories that, before agile development and what has been called “adaptive development learning,” the Systems Development Life Cycle (SDLC) was viewed as “tricks for getting things done.”
A new study found that 400 popular packages in the Maven Central repository used Log4j code without calling it as an external package. Why does that matter? Because any time code is included without calling it as an external package, traditional dependency analysis might not be enough to find it — including when Java coders use a common trick to resolve conflicting dependencies during the design process.
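The gap described above, as an added illustration that is not from the study or the podcast: a JAR whose POM declares no Log4j dependency can still carry Log4j classes copied or shaded into it, so a scan of the archive's contents finds what manifest-based dependency analysis misses. The sample JAR, its nested library JAR and the class payloads are constructed here for the example.

```python
import io
import zipfile

# Package prefixes under which Log4j classes live, whether or not the
# artifact's POM ever declared a log4j dependency.
LOG4J_PREFIXES = ("org/apache/logging/log4j/", "org/apache/log4j/")


def declares_log4j(jar_bytes: bytes) -> bool:
    """Manifest-style check: does any embedded pom.xml mention log4j?"""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return any(
            name.endswith("pom.xml") and b"log4j" in zf.read(name)
            for name in zf.namelist()
        )


def find_inlined_log4j(jar_bytes: bytes) -> list[str]:
    """Content-based check: list .class entries under a Log4j package.

    Shaded or copied Log4j code is invisible to POM analysis, so the archive
    itself is inspected; nested JARs (e.g. WEB-INF/lib/*.jar) are scanned too.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".class") and name.startswith(LOG4J_PREFIXES):
                hits.append(name)
            elif name.endswith(".jar"):  # recurse into bundled libraries
                hits.extend(f"{name}!{inner}"
                            for inner in find_inlined_log4j(zf.read(name)))
    return hits


def build_sample_jar() -> bytes:
    """Constructed sample: POM declares nothing, but Log4j classes are inlined."""
    magic = b"\xca\xfe\xba\xbe"  # Java class-file magic, stands in for real bytecode
    lib = io.BytesIO()
    with zipfile.ZipFile(lib, "w") as inner:
        inner.writestr("org/apache/log4j/Logger.class", magic)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/com.example/app/pom.xml",
                    "<project><dependencies/></project>")
        zf.writestr("com/example/App.class", magic)
        zf.writestr("org/apache/logging/log4j/LogManager.class", magic)
        zf.writestr("WEB-INF/lib/helper.jar", lib.getvalue())
    return buf.getvalue()
```

Running `find_inlined_log4j(build_sample_jar())` reports both the top-level and the nested Log4j class while `declares_log4j` returns False for the same archive.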
Today’s columnist, Amitai Ratzon of Pentera, says SecValOps offers the next step in a continued proactive security approach, a tone that’s been set all year with the Biden administration’s executive order in May.