Application Security Questions - Season 03

Any modern company that develops software solutions has to follow secure by design and application security concepts. It’s imperative to do it right from the beginning, preferably aligning the SDLC process with one of the security frameworks and verifying that the product being developed doesn’t include known weaknesses or vulnerabilities. Application Security is a perfect example where cybersecurity has to be done side by side with the project advancement. We believe that we all have the same end goal, releasing functional and secure products. The main question is how to add security seamlessly and as early as possible without impacting our release speed. While preparing for our third season, we came up with several questions that we would ask our guest vendors during the season and would like to share with our audience.

When we are looking to introduce AppSec as part of the SDLC process we should know and understand the following terms and abbreviations that would be in our glossary: SAST, SCA, VA, DAST, IAST, RASP, SBOM

Season 03  Generic Questions

1. Where do you see your product in the SDLC process providing most of the value to the customer?
2. Who is your main target customer? (Developers, DevOps, DevSecOps, Security Analysts, SRE).
3. AppSec solution aiming to identify and prevent security deficiencies early in the SDLC process, how does your solution contribute to this?
4. What level of access is required by your solution, does it need access to the source code or build machine?
5. Is there an option for on-prem deployment or only SaaS services?
6. What compliances do your SaaS solutions have? (SOC2 ISO 27001)