5 Application Security Concepts That Developers Should Master Now

By Neil Jones posted Fri September 28, 2018 08:02 AM


There are five key application security concepts that you must master to produce strong, secure apps. Check out this post to learn more about these key concepts.

It’s become common knowledge that developers need to build strong application security into the software their organizations ship. That being said, the application security testing technology space continues to evolve rapidly, and many developers are unable to keep up with all of the changes.

The purpose of this blog is to spotlight five key areas of application security specialization that developers need to master now. They can be recapped as follows:

Artificial Intelligence

In a recent study by the Ponemon Institute, 60 percent of respondents believed that AI-based technologies could improve the productivity of their IT security personnel. In the same study, 60 percent of respondents stated that AI-focused technologies provided more comprehensive security than humans alone could offer. You can learn more about AI by reviewing my recent blog on DZone titled, “The Magic of AI in Static Application Security Testing.”

Open-Source Security

According to research by IBM’s technology partner, WhiteSource, roughly one in 16 open-source download requests was for a component version with a known vulnerability. If you need to find out more about how your organization can better manage the risks associated with its open-source components, check out our blog titled, “Why You Need to Think Differently About Open Source Security.”

DevSecOps

Virtually everyone who reads this blog should be familiar with the term “DevOps.” But are you familiar with the more recent term “DevSecOps”? The concept of DevSecOps holds that security is a core component of the Software Development Lifecycle (SDLC) rather than a gate applied at the end, so that security checks run automatically at every stage; the result is faster development cycles and vulnerabilities caught earlier, when they are cheaper to fix. For additional information on this compelling topic, check out Shannon Lietz’s blog called, “What is DevSecOps?”
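The two sections above come together in a single, concrete practice: checking the open-source components a build pins against a list of known-vulnerable version ranges, and failing the build when one matches. The script below is an added example written for this page; it is not IBM’s or WhiteSource’s code. The advisory list, the advisory identifiers (EXAMPLE-…) and the pinned requirements are all constructed for illustration, and the version grammar is limited to plain dotted numbers (no pre-release tags). A real pipeline would read the project’s actual lockfile and pull advisories from a vulnerability database such as OSV or the GitHub Advisory Database. The one thing the example is careful about is comparing versions numerically: compared as strings, "1.10.0" sorts before "1.2.4", which silently turns a safe pin into a false positive or, worse, a vulnerable one into a false negative.

```python
"""Gate a pinned dependency list against known-vulnerable version ranges.

Added example for this page (not IBM's or WhiteSource's code). Advisories,
advisory IDs and requirements below are constructed; a real check would read
the project's lockfile and query a vulnerability database.
"""
import re

# Constructed sample advisories: package -> [(advisory id, affected range)].
# Ranges use the usual ">=lo,<hi" form. IDs are placeholders, not real CVEs.
SAMPLE_ADVISORIES = {
    "examplelib": [("EXAMPLE-2018-0001", ">=1.0.0,<1.2.4")],
    "parsertool": [("EXAMPLE-2018-0002", "<2.0.0"),
                   ("EXAMPLE-2018-0003", ">=2.1.0,<2.1.2")],
}

# Constructed sample of a pinned requirements file (pip lockfile style).
SAMPLE_REQUIREMENTS = """\
examplelib==1.10.0   # numerically newer than 1.2.4, so NOT in the affected range
parsertool==2.1.1
safepkg==0.3.0
"""


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' into a tuple of ints so comparisons are numeric.

    Comparing version strings lexically is a classic bug: '1.10.0' < '1.9.0' as text.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version syntax: {text!r}")
    return tuple(int(part) for part in text.split("."))


_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}


def version_in_range(version, spec):
    """True if `version` satisfies every comma-separated constraint in `spec`."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"bad constraint: {clause!r}")
        if not _OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True


def parse_requirements(text):
    """Read 'name==version' lines, ignoring comments and blanks.

    Unpinned lines are rejected: without an exact version there is nothing to
    compare against an advisory, so the safe behaviour is to refuse, not to skip.
    """
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep:
            raise ValueError(f"unpinned requirement, cannot assess: {line!r}")
        pins[name.strip().lower()] = version.strip()
    return pins


def find_vulnerable(requirements_text, advisories):
    """Return [(package, version, advisory_id)] for every pin inside an affected range."""
    hits = []
    for name, version in parse_requirements(requirements_text).items():
        for advisory_id, affected in advisories.get(name, []):
            if version_in_range(version, affected):
                hits.append((name, version, advisory_id))
    return hits


if __name__ == "__main__":
    findings = find_vulnerable(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES)
    for name, version, advisory_id in findings:
        print(f"{name}=={version} is affected by {advisory_id}")
    # Non-zero exit status makes a CI job fail the build when a vulnerable pin is present.
    raise SystemExit(1 if findings else 0)
```

Run as a pipeline step, the non-zero exit status is what turns the check into a gate: the build stops, and the developer sees which pin and which advisory tripped it. With the constructed data, only parsertool 2.1.1 is reported; examplelib 1.10.0 is correctly left alone because 1.10.0 is above the 1.2.4 upper bound once versions are compared as numbers.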

Risk Management

In my day job in application security, I’ve often heard the false assumption expressed that “developers aren’t concerned about risk management.” From my perspective, nothing could be further from the truth. The developers I’ve personally collaborated with take strong pride of authorship in their code and certainly don’t want it to be riddled with security vulnerabilities. Yet 55 percent of respondents to a separate Ponemon Institute study stated that their organizations had no formally planned application security testing cycles. When testing isn’t scheduled, the developer’s own judgment is often the only control in place, so a baseline understanding of the risks that security vulnerabilities can create is essential for everyone who writes code.

Mobile Security

It is no longer sufficient for organizations to protect only their users’ mobile devices. They also need to protect the mobile applications they develop for their customers, employees, partners, and other key stakeholders. Check out my co-authored blog with Larry Ponemon titled, “10 Key Findings From Ponemon Institute’s Mobile and IoT Application Security Testing Study,” to obtain further details.

Are there any additional topics that you’d like to include in the list above? Simply share your feedback in the comments section below. Thank you!

1 comment

Fri September 28, 2018 01:21 PM

Hello, AppSec Community! We would love to hear from YOU. From your perspective, what other major areas of focus should developers be familiar with? Please use the Comments section to share your valuable feedback- Thank you in advance!