The RSA 2022 Conference was held in San Francisco, June 6-8, 2022. The cybersecurity industry once again welcomed RSA 2022, which was held in person at the Moscone Convention Center in San Francisco. After a year-long hiatus due to Covid, the conference returned, stronger and at the right time to address developments from the recent past. With a heavy industry focus on software supply chain attacks, here are five key application security takeaways from this year’s RSA Conference:
- Application security and software supply chain attacks dominated industry attention – The last eighteen months have seen a huge increase in breaches related to the software supply chain. After incidents like SolarWinds, the Kaseya attack, Colonial Pipeline and many others, there were additional and more recent attacks like the Log4J and Lapsus$ attacks that affected Samsung, Nvidia, Microsoft, Heroku, Travis CI and many more.
- RSA conference adopted application security as a key topic for program sessions – Over the three days, June 6-8, in addition to all other product segments, DevSecOps and Software Integrity accounted for more than 40 keynote, breakout, and sandbox sessions located within the expo space, with subcategories of Application Security, Open Source Security, Container Security, and Cloud Security.
- Organizations are asking who is responsible for application security – Is it the development team or the security team? This year’s RSA conference featured segment-specific test areas, one of which was application security. One of the key presentations was “Spreading Application Security Ownership Across the Organization.” As the need for application security grows, this session sought to answer questions such as “who is responsible for application security and code security in the organization?” Job titles such as application security engineer or product security engineer are beginning to appear on development and security teams, an indicator that companies are serious about code security.
- Large security vendors have added, or are adding, application security and software supply chain security offerings to their solution portfolios – Providers like Palo Alto Networks, Rapid7, Microsoft, Google, Amazon Cloud, Elastic Cloud, etc. have added application security and API security capabilities.
- Code security solutions are a growing category – Secure Code Review, Open Source Security, Software Composition Analysis, and Software Bill of Materials are categories of tools adjacent to, and added alongside, SAST and DAST tools. Infrastructure as code (IaC) has seen tremendous growth as companies seek to automate the tedious, manual task of setting up their cloud applications.
What’s new in BluBracket?
In the week leading up to RSA Conference 2022, BluBracket released major enhancements to its cloud-based code security platform to address high-risk content in code, including secrets in code, code leaks, access control risks and the presence of PII, to name a few. Some of the highlights included the ability to consolidate the risks present in internally developed source code contained in git repositories and combine them with the external dependency risks reported by tools like Snyk and others. This provides an unprecedented consolidated view of code risks. Additional capabilities include pre-built open source recipes for the BluBracket CLI tool, making it easy for AppSec developers and engineers to search for risks in Confluence, S3 buckets, and log files, in addition to source code.
To learn more about BluBracket’s code security solution, click here.
*** This is a syndicated Security Bloggers Network blog from BluBracket: Security Code & secret detection written by Pan Kamal. Read the original post at: https://blubracket.com/rsa-conference-2022-roundup-offers-a-lot-to-practitioners-of-devsecops-and-application-security/