In the modern software development life cycle, there is a variety of security tools used in different phases of development pipelines.

While SAST and SCA are used most heavily in the coding phase, DAST, IAST, container security and in-app protection tools come into play as the pipeline approaches production, so that security coverage extends end to end.

On top of these tools, organizations also rely on other sources such as manual penetration testing or bug bounty programs to detect vulnerabilities that are harder for scanners to find, because they are mostly related to business logic.

Application security orchestration and correlation (ASOC) platforms have emerged to combine vulnerabilities coming from all these different sources in an automated fashion and provide a unified view to their users.

The key benefits of ASOC platforms can be divided into 4 categories:

1) Continuous and automated scanning in DevOps pipelines

Instead of manually scanning projects at random intervals, ASOC platforms provide a single interface to schedule automated scans on all of the security tools used in the organization.

Security engineers can centrally set the frequency of each scan on each security tool, or simply define the pipeline action (e.g. pull requests, merge attempts, etc.) that triggers a scan.

With open-source scanners embedded in the platform, ASOC platforms also offer a cost-free way to test the waters of AppSec for companies that have not yet invested in commercial security tools.

Using these open-source scanners, organizations can warm up to security and start scanning their applications right away.

Bringing together security, development, and DevOps teams to agree on the processes for reacting to vulnerabilities could be a good starting point for making security an integral part of DevOps pipelines.

2) Centralized vulnerability management

Time is of the essence for understaffed security teams, and vulnerability management is a big part of their daily workload.

Centralizing vulnerabilities that are normally scattered across various interfaces and even reports is a time-saving capability offered by ASOC platforms.
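The correlation step behind that unified view, as an added example that is not from the post or any ASOC product: findings from a SAST tool, a DAST tool, an SCA tool and a manual pentest report, each in its own (hypothetical, constructed) schema, are normalised into one record shape and merged when they describe the same issue at the same location. All tool names, schemas and sample findings below are constructed for illustration.

```python
from dataclasses import dataclass, field
import hashlib

@dataclass
class Finding:
    title: str
    severity: str
    location: str  # file:line, URL?param, or package@version
    sources: list = field(default_factory=list)

    def fingerprint(self) -> str:
        # same issue at the same place, whichever tool reported it
        key = f"{self.title.lower()}|{self.location.lower()}"
        return hashlib.sha256(key.encode()).hexdigest()[:16]

# Constructed raw outputs, one list per tool, each in a hypothetical schema.
RAW = {
    "sast": [{"rule": "SQL Injection", "sev": "high",
              "file": "app/db.py", "line": 42}],
    "dast": [{"name": "SQL Injection", "risk": "High",
              "url": "https://app.example/search", "param": "q"}],
    "sca": [{"cve": "CVE-XXXX-XXXXX",  # placeholder id, not a real advisory
             "severity": "critical", "package": "lodash", "version": "4.17.4"}],
    "pentest": [{"title": "SQL Injection", "severity": "high",
                 "file": "app/db.py", "line": 42}],
}

def normalise(tool: str, raw: dict) -> Finding:
    # Map one tool's record onto the unified Finding shape.
    if tool in ("sast", "pentest"):
        title = raw.get("rule") or raw["title"]
        sev = raw.get("sev") or raw["severity"]
        return Finding(title, sev.lower(), f"{raw['file']}:{raw['line']}", [tool])
    if tool == "dast":
        return Finding(raw["name"], raw["risk"].lower(),
                       f"{raw['url']}?{raw['param']}", [tool])
    if tool == "sca":
        return Finding(raw["cve"], raw["severity"].lower(),
                       f"{raw['package']}@{raw['version']}", [tool])
    raise ValueError(f"unknown tool: {tool}")

def correlate(raw_by_tool: dict) -> dict:
    # Normalise every record and merge duplicates by fingerprint.
    unified: dict = {}
    for tool, items in raw_by_tool.items():
        for item in items:
            f = normalise(tool, item)
            fp = f.fingerprint()
            if fp in unified:
                unified[fp].sources.extend(f.sources)  # correlated hit
            else:
                unified[fp] = f
    return unified
```

The SAST hit and the pentest finding at the same file and line collapse into one record that lists both sources, while the DAST hit on the same weakness stays separate because its location is a URL rather than a code position; a real platform would add further rules (e.g. CWE plus endpoint) to link those too.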


4 Key Benefits of Application Security Orchestration and Correlation (ASOC)