
How DevSecOps can curb burnout among app developers


The security industry is a pressure cooker. Teams race to get apps ready for the marketplace, often having to make difficult, time-saving decisions that hurt security in the process. The result is constant stress for those who work in DevSecOps, followed by the rising potential for burnout.

But there are ways security teams can modernize their AppSec approach to relieve stress and burnout while improving their security posture in the process. Meaghan McBee of Invicti Security recently outlined the AppSec features that can make the difference, most notably automation.

Skills gap not helping

One cause of burnout in the profession: not enough skilled practitioners to handle an ever-expanding threat landscape. McBee cited a recent Information Systems Security Association (ISSA) study in which 70% of members pointed to the lack of help, at a time when, according to Verizon’s Data Breach Investigations Report, ransomware attacks have risen 13% in the last year.

For those tasked with DevSecOps and AppSec, the pressures are particularly daunting. It’s exceedingly difficult to find and fix every vulnerability before an application goes to market. Fortunately, McBee wrote, tools exist to help ensure security and alleviate the pressure.

Importance of automation

“In web application development, subpar security or antiquated tools can create manual work or rework for DevSecOps professionals,” she wrote. “That’s where automation shines, handling those more tedious security processes. When paired together, dynamic application security testing (DAST) and interactive application security testing (IAST) cut back on as much manual work as possible through the automatic discovery and scanning of all applications in development and production.”

Teams can build comprehensive, quick security testing right into the software development lifecycle (SDLC) with automated scans triggered in continuous integration/continuous delivery environments (CI/CD) or scheduled to test apps in production, she said.

“It’s about more than just fortifying security processes in the SDLC; automated vulnerability confirmation enables teams to remediate issues quickly and confidently, freeing up valuable time for security and development professionals so that they can focus on more high-value initiatives,” McBee concluded.
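The pipeline step that the two paragraphs above describe, a scan triggered in CI/CD or on a schedule whose confirmed findings decide whether a build proceeds, is shown below as an added example. It is not code from the article, from Invicti, or from any particular scanner: the JSON report shape (`findings`, `severity`, `confirmed`), the `ci`/`scheduled` modes and the sample findings are all constructed assumptions for illustration. The point it demonstrates is the one McBee makes: a gate that keys on the scanner's confirmation flag blocks only verified issues and routes unconfirmed ones to triage, so developers are not stopped by noise.

```python
"""CI/CD gate over an automated DAST/IAST scan report (added example).

Assumptions: the scanner emits JSON with a "findings" list whose entries carry
"id", "title", "severity", "confirmed" and "url". This is a constructed,
tool-neutral shape; real scanners each have their own schema.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Ordered so that a threshold such as "high" can be compared numerically.
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    id: str
    title: str
    severity: str
    confirmed: bool  # True when the scanner verified the issue rather than inferring it
    url: str


def parse_report(raw: str) -> list[Finding]:
    """Parse the (assumed) JSON report; reject severities the policy cannot rank."""
    data = json.loads(raw)
    findings: list[Finding] = []
    for item in data.get("findings", []):
        sev = str(item.get("severity", "informational")).lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} in finding {item.get('id')}")
        findings.append(
            Finding(
                id=str(item["id"]),
                title=str(item.get("title", "")),
                severity=sev,
                confirmed=bool(item.get("confirmed", False)),
                url=str(item.get("url", "")),
            )
        )
    return findings


def evaluate(findings, fail_at: str = "high", block_unconfirmed: bool = False):
    """Split findings at or above the threshold into (blocking, triage).

    Confirmed findings block; unconfirmed ones go to triage unless the policy
    chooses to block them too (block_unconfirmed=True trades speed for caution).
    """
    threshold = SEVERITY_RANK[fail_at]
    blocking, triage = [], []
    for f in findings:
        if SEVERITY_RANK[f.severity] < threshold:
            continue  # below the policy threshold: reported, but never gating
        (blocking if f.confirmed or block_unconfirmed else triage).append(f)
    return blocking, triage


def gate(findings, mode: str, fail_at: str = "high") -> int:
    """Return the process exit code for the pipeline step.

    "ci": a pull-request or build scan; confirmed findings fail the job.
    "scheduled": a production scan; nothing to fail, so findings are surfaced
    for ticketing and the job exits 0.
    """
    if mode not in ("ci", "scheduled"):
        raise ValueError(f"unknown mode {mode!r}")
    blocking, triage = evaluate(findings, fail_at=fail_at)
    for f in blocking:
        print(f"[BLOCK] {f.id} {f.severity.upper()} {f.title} ({f.url})")
    for f in triage:
        print(f"[TRIAGE] {f.id} {f.severity.upper()} {f.title} (unconfirmed)")
    return 1 if (mode == "ci" and blocking) else 0


# Constructed sample report: not output from any real scanner or target.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"id": "F-1", "title": "SQL injection in search parameter", "severity": "high",
         "confirmed": True, "url": "https://app.example.test/search"},
        {"id": "F-2", "title": "Missing HSTS header", "severity": "low",
         "confirmed": True, "url": "https://app.example.test/"},
        {"id": "F-3", "title": "Possible reflected XSS", "severity": "high",
         "confirmed": False, "url": "https://app.example.test/profile"},
        {"id": "F-4", "title": "Outdated JavaScript library", "severity": "medium",
         "confirmed": False, "url": "https://app.example.test/static/app.js"},
    ]
})

if __name__ == "__main__":
    import sys
    raise SystemExit(gate(parse_report(SAMPLE_REPORT), mode="ci"))
```

Run in the CI job after the scan step; the `ci` mode fails the build only on confirmed findings at or above the threshold, while the `scheduled` mode (a production scan on a timer) records everything and exits cleanly. Whether unconfirmed high-severity findings should also block is a policy decision, exposed here as `block_unconfirmed` so it is explicit rather than buried in the scanner's defaults.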

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
