- Source code vulnerabilities
- Input validation
- Reliance on client-side validation
- Unintended script execution
- Session data exposure
- Unintentional user activity
Bridging the development and security divide
The need for secure web application development is ever present. A 2021 survey by GitLab found that over 84% of developers were releasing code faster than before. Unfortunately, only 2.7% of the respondents were automating security testing or shifting security left.
Bridging the divide between development and security comes down, in part, to understanding the risks associated with insecure development activities and vulnerable code. Developers, in particular, often find themselves caught between development velocity and web app security. Contrary to popular opinion, an accelerated application development cycle and application security are not mutually exclusive. In fact, with the right processes and tools in place, developers can still quickly churn out functional and elegant web applications and make the development process secure at the same time.
To help ensure a secure development process, here are five easy things developers can do:
- Move security to the left: Security needs to happen throughout the whole software development lifecycle. Take a few minutes to engage with the security team or security experts for advice and assistance.
- Know the OWASP Top Ten: Know which web application security threats are the most common and risky, based on analysis by the Open Web Application Security Project (OWASP). Developers can use the OWASP Top 10 to set the stage for improving the security of web applications early in the development process.