As developers are tasked with churning out new applications in record amounts of time, cyber security professionals are left with less time to check for cyber security holes and protect these apps against hackers and other potential breaches. This means that apps often have lengthy windows of vulnerability until cyber security issues are uncovered and addressed. The 2017 “Application Security Statistics Report ” by WhiteHat Security reports that approximately 50 percent of applications are vulnerable every single day of the year.
This opens a plethora of opportunities for hackers to access apps and steal information and sometimes hold it for ransom. The “2017 Data Breach Investigations Report ” by Verizon uncovered that 30 percent of the cyber security breaches reported in 2016 were hacks on web applications. Further, 62 percent of breaches featured hacking to exploit cyber security vulnerabilities, and 93 percent of breaches were motivated by opportunities to steal information or make money.
These cyber security issues continue into 2018. In February, hackers breached Under Armour’s MyFitnessPal app and stole usernames and passwords, CNBC reports. A few months later at the end of May, security researcher Oliver Hough discovered that a backend server for fitness app PumpUp was not password protected, leaving it exposed to the internet. This leaked credit card data, health data and private messages from more than 6 million users, ZDNet reports. On July 4, Timehop, an app that plugs into Facebook, reported a cyber security attack that compromised the names and email addresses of 21 million users and the phone numbers of about a fifth of those victims, according to TechCrunch .
As consumers and businesses become more reliant on applications and software, these risks become more of a priority. Application security involves the steps a company takes to protect critical information from external threats by identifying, fixing and preventing cyber security vulnerabilities, according to Veracode .
But reacting to cyber security is not enough. Developers need to be more proactive about cyber security and balance it with the time constraints of releasing new and updated apps. Enter DevSecOps. This approach embeds cyber security into every part of the app development process, unifying the development, security and operations functions under the common goal of cyber security. Essentially, rather than tacking on cyber security protocols at the end of the app development process, DevSecOps recommends automating core security tasks by incorporating security controls and processes early in the development process, CSO explains. This automation cuts down on the chances of misadministration and mistakes, thus preventing attacks and downtime, it adds. WhiteHat advises that DevSecOps is essential for application security and helps developers secure a competitive advantage.