What is challenging secure application development?
A Censuswide report reveals the biggest security challenges that application security (AppSec) managers and software developers are facing within their organizations in today’s threat landscape.
Report findings are based on online survey input from two samples of 754 AppSec managers and 770 software developers, collected globally between August 10 and 31, 2021.
“Security breaches within the enterprise have unfortunately become a societal norm, so identifying those gaps and creating the solutions to eliminate them is integral to the success of businesses today,” said Maty Siman, Checkmarx founder and CTO.
“Overcoming these security challenges should be a top priority for modern organizations, and the results of this report attest to the specific needs of our trusted AppSec and developer communities.”
Building confidence in security
Following an AppSec-related incident, 38% of AppSec managers and software developers said their organizations deployed penetration testing exercises to prevent future breaches. Meanwhile, 40% of software developers stated their organizations issued mandatory AppSec training.
Despite multiple breaches in the last year due to vulnerable applications, 81% of developers remained confident in their ability to build a secure product, showcasing a commitment to selecting the proper tools to protect their organizations.
Supply chain challenges
26% of respondents cited “gaining visibility into open source packages being utilized in custom applications” as the biggest challenge when visualizing and securing their software supply chains.
Forty-nine percent of software developers said they are adopting a DevSecOps model with security as a supply chain focus to lessen their risk of a breach, with 42% of AppSec managers saying the same.
54% of AppSec managers and software developers stated that the shift to the cloud increased their concerns around secure application development.
However, each group’s challenges differed: AppSec managers struggled the most with adopting cloud native security testing methodologies (37%), whereas software developers had more difficulty with effectively and efficiently monitoring applications running in the cloud (41%).
AppSec training and awareness
Software developers said they receive application security and awareness training six times a month on average. The major concern lies in the effectiveness of the training, as 23% of developers and only 17% of AppSec managers described the training as effective.