The Top 4 Application Security Defenses You Didn’t Know You Needed...........................................................
By Jonathan DiVincenzo, Head of Product, Signal Sciences
Application security isn’t a young buck anymore. The Open Web Application Security Project (OWASP) is
15 years old. But while application security is well into its teenage years, vulnerabilities like SQL injection
and XSS still dominate the rankings of the OWASP Top Ten. This is concerning. But what’s more concerning
is that while attack vectors and techniques are still largely the same, software development models have
completely shifted, as with the proliferation of microservices architectures, for example.
One major change in software development is the delivery cadence of an application. Instead of a mainly
static application that changes only a handful of times per year, deploys now happen continuous. Further,
most software development teams have adopted DevOps and have operational insight (via dashboards and
metrics) and operational control (via chatops) without root access.