The State of Application Security
Sandy Carielli, Principal Analyst, December 10, 2019
2
21 Days Until The End Of The Decade
4
Development Teams Are Moving Faster
In 2018, 27% of developers indicated that they released monthly or faster. In 2019, the number jumped to 38%.
Base: 3,294 Developers
Source: Forrester Business Technographics Global Developer Survey, 2019
Base: 3,228 Developers
Source: Forrester Business Technographics Global Developer Survey, 2018
5 © 2019 Forrester. Reproduction Prohibited.
Yes, Open Source Is Prevalent In IoT
Synopsys: 2019 Open Source Security And Risk Analysis
In 2019, 54% of Containers Live For Five Minutes or Less
Source: Sysdig Container Usage Report: https://sysdig.com/blog/sysdig-2019-container-usage-report/
7
33% of firms suffered a breach as a result of an external attack. This is how.
8
https://nvd.nist.gov/vuln/detail/CVE-2000-0388
Synopsys: 2019 Open Source Security And Risk Analysis
9
Containers And Images Are Not Immune
Source: Snyk: Shifting Docker Security Left: https://snyk.io/blog/shifting-docker-security-left/
Chart values as extracted: 3.5x and 11.5x (the quantities they label are not recoverable from the extracted text).
Source: "State Of Software Security," Veracode (https://www.veracode.com/state-of-software-security-report).
12
SAST adoption
Chart: phase of the SDLC in which SAST is implemented (Design, Development, Testing, Production), for two groups, "Planning to implement within the next 12 months" and "Implementing/implemented + Expanding/upgrading implementation". Values as extracted, in chart order: 18%, 35%, 42%, 25%; 17%, 34%, 37%, 40%.
Base: 1,014 global network path security decision makers who are adopting SAST
Source: Forrester Analytics Global Business Technographics Security Survey, 2019
13
SCA adoption
Base: 1,035 global network path security decision makers who are adopting SCA
Source: Forrester Analytics Global Business Technographics Security Survey, 2019
Chart: phase of the SDLC in which SCA is implemented (Design, Development, Testing, Production), for two groups, "Planning to implement within the next 12 months" and "Implementing/implemented + Expanding/upgrading implementation". Values as extracted, in chart order: 17%, 37%, 39%, 28%; 20%, 31%, 37%, 37%.
14
Container Security adoption
Base: 1,033 global network path security decision makers who are adopting Container Security
Source: Forrester Analytics Global Business Technographics Security Survey, 2019
Chart: phase of the SDLC in which Container Security is implemented (Design, Development, Testing, Production), for two groups, "Planning to implement within the next 12 months" and "Implementing/implemented + Expanding/upgrading implementation". Values as extracted, in chart order: 20%, 37%, 36%, 30%; 17%, 33%, 37%, 42%.
15
10 Steps To Secure Containers In Software Delivery Life Cycle
Source: “Ten Basic Steps To Secure Software Containers,” Forrester report
16
Recommendations For Trustworthy IoT
Embrace open source and modern deployment methodologies
Shift left and scan often
Engage development in the security process