Chess for AppSec: Developing an Application Security Strategy


Growing up as a kid, playing chess was one of my very first memories. It was fun, exciting and competitive. And you could do it for days without your parents play-shaming you (since it was not an unwanted behavior or just any other game, it was an “intellectual activity”).  I remember playing against my parents and neighbors while wanting to play with everyone I met. At that time, many matches were won, at least as many were lost and dozens of non-chess players were left frustrated with my enthusiasm about the game. To this day, I’m still amazed by the endless possibilities that a simple board and 64 pieces can present and how the lessons learned at chess can translate into our lives.

The more I played, the more I realized that beating your opponent was not about making the best opening nor making the right move at any given time. The thin line between glory and defeat depended on having the correct strategy to beat that particular opponent and executing it without losing focus. As a lifetime student of strategy (and chess), I believe the exact same rules apply for application security.

Application security is about proactively preventing, identifying, protecting against, and defending against risk in applications caused by security vulnerabilities. Regardless of where our organizations stand today in securing our applications, we need a solid plan and consistent execution to reach our goals. Without an overall strategy, any software is doomed to become shelfware, wasting money, effort and time along the way. There are many different aspects to consider (such as current maturity level, culture, and development and testing processes).

Whether it’s getting started, integrating and automating with the CI/CD pipeline or reaching maturity with your AppSec program, we need all the help we can get. In addition to the webinars linked above, TechBeacon’s recent buyer's guide for application security can provide a lot of valuable insights on developing a strategy including:

  • Implementing a Patch Management Program
  • Understanding the Cultural Shift
  • The Tools for Application Security

Developing AppSec strategy doesn’t guarantee that we’ll reach our goals, but just like in chess, not having a clear strategy does guarantee failure. 

This is part of a blog series pulling out some of the insights from The 2019 TechBeacon Buyer’s Guide to Application Security. Check out the report and share your feedback below.  Thank you for reading and I look forward to hearing your comments on this topic! 


About Micro Focus Fortify 

Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to cover the entire software development lifecycle. Complete software security assurance with Fortify on Demand -our application security as a service - integrates static, dynamic and mobile AppSec testing with continuous monitoring for web apps in production. 
