As the world increasingly moves to a digital format, cybersecurity is becoming more important than ever. It’s especially significant since, according to a recent survey by Sophos, 51% of businesses in America experienced a ransomware attack in 2020. That’s a staggering number of security vulnerabilities that truly shouldn’t exist in the modern day and age. Yet, it’s relatively understandable.

The push for apps hitting the market quickly has become a driving factor in a lot of development teams, and sometimes, that means that cybersecurity takes a back seat. In fact, this is why a lot of companies have begun adopting the DevOps model with the hope that they can not only overcome security and compliance challenges but also release a product within a tight deadline.

Application Security

Fundamentally, the issue of application security is multi-faceted, with a variety of techniques, philosophies, and certifications that can be applied to make all applications safer. 

For example, take the recent update to MITRE’s Common Weakness Enumeration (CWE), which itself was built on the incredibly popular ATT&CK Framework. Sponsored by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), the whole purpose is to categorize security weaknesses and vulnerabilities with the hope of understanding the specific flaws of each category and how to mitigate them. In fact, CWE has over 600 categories, with everything from buffer overflow to cross-site scripting and even race conditions. 

This update couldn’t have come sooner, too, especially since some experts predict that cyberattacks will escalate given the massive increase in both remote work and the Internet of Things (IoT). This is exactly why cybersecurity understanding is not optional for these companies, as hacking tools are becoming more commonplace. It’s important that any tool that connects to the web has some form of cyber resilience.

In fact, it’s (Read more...)