Original Post: How to Assess the Security of Your Apps | by Sekurno
The article discusses why an organization needs to understand the current state of its application security. It outlines several reasons this matters, such as integrating security into the Software Development Life Cycle (SDLC), conducting risk assessments, and evaluating vulnerabilities after a security incident. The article mentions various cybersecurity frameworks like OWASP SAMM, BSIMM, and NIST SSDF, which, while helpful, can be difficult to implement because of their generality.
Key steps recommended include creating an asset inventory to understand what needs protection, reviewing the SDLC for security integration, and conducting vulnerability assessments on applications and infrastructure. The article suggests working closely with DevOps and product owners to document all assets, prioritizing high-risk and compliance-driven resources for security evaluation, and using tools like Nessus and Acunetix for vulnerability scans. It emphasizes the need for both full-scale audits following standards like OWASP ASVS and timeboxed security testing for less critical applications.
The author, Alex Rozn, co-founder and CTO/COO of Sekurno, stresses the importance of documentation and ongoing security goals to improve an organization’s security posture. Follow Alex for more insights into cybersecurity and DevSecOps integration.