Building secure web applications takes more than just testing the code to weed out flaws during development and keeping the servers on which it runs up to date.
Code is becoming more secure as security testing is pushed earlier in the development cycle, but public-facing web apps are still the main source of data breaches, according to 41% of respondents to the 2016 SANS Application Security Survey.
That may explain why the percentage of those respondents assigning vulnerability scanning to IT operations rather than development rose from 22 percent to 30 percent between 2015 and 2016.
To keep web apps secure, IT ops groups are increasingly adopting Dynamic Application Security Testing (DAST) tools that have long been a favorite of penetration testers and security auditors. The "black-box" testing approach of DAST allows scans without advanced knowledge of coding languages or techniques.
Many DAST tools are also able to find vulnerabilities that have nothing to do with code: inconsistent or faulty server configurations, flaws in authentication and authorization schemes, or imperfect integration with firewalls and other security systems.
Register for this webcast to learn:
Click here and you'll be among the first to receive an associated whitepaper with full analysis and explanation of these and other AppSec/vulnerability scanning issues and a Q&A for attendees with report author and SANS expert Barbara Filkins.