The Developer’s Journey into AppSec

by Micro Focus Employee in CyberRes

Many developers work in an ever-changing environment that puts speed-to-market as a high priority. Their time needs to be optimized and their workflow consistent so that their product can address their customers’ increasingly complex demands in a competitive and timely fashion. This, however, often comes at the cost of ensuring the quality of their product, which is why we have been seeing a trend of app developers implementing new practices such as testing earlier in the development cycle or sprints (a.k.a. shifting left). At first, it was primarily testing the functional aspects of the application, but time only brings more complexity. Naturally, we now see developers test how secure their application is. So, the developer must adapt again and introduce this new task into their already time-sensitive workflow.

The hard part, like always, is the transitional period

This transitional period is what makes or breaks the adoption rate of any new tool, and there are three areas that can ensure a smooth transition: seamless integration with other industry-leading developer tools; an intuitive user experience with streamlined information for multiple personas, such as developers; and the tool’s overall functional competence. It is in these areas that you will see the reason why Fortify has been a leading solution for close to a decade now. After all, a great tool is only as good as its ability to work with the rest of the tool set. Therefore, Fortify integrates with multiple industry-leading tools that impact developers, such as IDEs, pipelines, ticketing systems, etc.

A complex problem with a simple and robust solution

For example, let’s say a .NET developer wants to integrate their Visual Studio IDE with Fortify. All they need to do is install the add-on through an installation wizard and provide their Fortify credentials to access their instance. That checks seamless integration, but what kind of user experience should they expect from it? Well, with the IDE integrations you will see all vulnerabilities, or you can use one of the out-of-the-box filters to show the vulnerabilities assigned to a specific developer. Not only that, but the tool will provide the developer with the information needed to resolve the issue without leaving their Visual Studio IDE. This is all done so that developers don’t have to perform repetitive actions like “alt-tabbing” between programs during their daily testing efforts, which is the embodiment of a streamlined user experience. As for Fortify’s functional competence, the OWASP Benchmark has given our SAST testing capabilities a 100% true positive rate, and we have been recognized by research firms such as Gartner that put our solutions in a leading category.

History often repeats and our success proves it

This is just one of many situations in which we successfully incorporate developers into securing their applications with Fortify, an industry-proven solution, through our seamless integration and intuitive, streamlined user experience.
