There’s no better example of how much IT security is still considered an afterthought than the whole shift to agile application development. In theory, agile application development is a major business boon because it dramatically increases the rate at which new applications and follow-on updates are delivered.
While that may be good for developers, it creates a challenge for IT operations people trying to manage the overall environment and an absolute nightmare for IT security people. Let’s face it: Application developers don’t go in much for worrying about testing. And when there is any application testing to be done, chances are it will focus a lot more on potential performance issues than on security.
There is no better example of a security issue tied directly to application testing than SQL injections. TechWorld reported that Neira Jones, head of payment security for Barclaycard, recently said at the Infosecurity Europe Press Conference in London that 97 percent of data breaches worldwide are still due in part to a SQL injection.
This low-level attack on applications has been around for more years than anyone cares to admit, and yet it’s still the No. 1 vulnerability cybercriminals exploit. The only reason this is possible is that, during the testing process, application development teams routinely forget to scan for this vulnerability.
That means there is no correlation today between the quality of an application and its level of security. Too many developers see security as being somebody else’s problem. On one level, this is a good thing for IT security professionals because it creates jobs for them. On the other hand, when it comes to IT security, developers have become a major liability.
That set of circumstances is about to become a whole lot worse when you look at the rate at which new applications and updates are being rolled out in the shift to agile development methodologies. Unfortunately, not enough developers are taking IT security seriously, which means it’s just a matter of time before things go from bad to even worse.