Managing the AppSec Toolstack
The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now is determining how many layers are needed and what types of cybersecurity tools should be employed within each of those layers.
In an ideal DevSecOps world, developers would be given tools that allow them to not only implement cybersecurity controls as part of the application development process but also discover vulnerabilities as they write code.