Contrast and NowSecure Discuss Application Security Challenges and Best Practices
In a recent webinar, “Accelerating DevOps with Autonomous Security Observability,” Brian Reed, chief mobility officer of NowSecure, spoke with Jeff Williams, co-founder and CTO at Contrast Security, about how autonomous security can power DevOps teams and take continuous integration/continuous deployment (CI/CD) pipelines to the next level. I highly recommend listening to the full webinar, which has many insights for both developers and security teams. Below, I tease out the highlights of their conversation and extract some key takeaways.
While Contrast focuses on application security for web applications, NowSecure specializes in protecting apps that run on mobile devices. In this conversation, Brian and Jeff discuss the unique challenges of mobile apps and their web-based back ends.
Background: Mobile App Security Status Quo
Brian, who has been working with mobile apps for 15 years, spends a lot of time talking to customers about mobile technology’s role in their digital transformations. He laments what he sees as a mismatch between the huge investment in securing software and the less-than-stellar security outcomes. For example, organizations spent $3.2 billion on application security in 2020 and are projected to spend $4.5 billion in 2024 (according to this Gartner report) and yet …
Jeff echoes those sentiments when he talks about web applications. Scanning the data from the tens of thousands of applications monitored by the Contrast Security Platform, Jeff found that almost all of them (96%) have at least one vulnerability; the average is 35 per web application! Vulnerabilities come from both custom and open-source code. Some of the latest research from Contrast Labs confirms his assertion. A few highlights include:
Takeaway: Vulnerabilities put applications at risk; few are entirely safe.