Application security automation in development
Abstract
Automated security services can provide on-demand resources that are easily adopted by development teams. To save time and money, application security should be incorporated as early as possible in the application development process. Security requirements are the earliest opportunity to build a secure foundation. Using automation, security requirements can be aligned to system and project attributes and used as a foundation for additional security activities such as secure coding examples and security testing. Later in the development process, automated testing services provide development teams with vulnerability scanning options, depending on whether legacy or modern development practices are used. Legacy development projects can benefit from on-demand source code scanning that does not require tool set-up or configuration. Modern development processes are a better fit for incorporating security testing in automated build-and-test pipelines using working example scripts. When created with development team needs in mind, automated application security services can be valuable resources for development teams that drive better security outcomes. This paper will discuss an approach to building and delivering consumable development security services to drive better security.
The full article is available to subscribers to the journal.
Author's Biography
Mike Kennedy, CISSP, is a Senior Manager in the Medtronic Global Security Office (GSO), leading the Cloud Security and Application Security Center of Excellence. Mike has been working in IT for 25 years with 17 of those years working in various security disciplines. In his leadership role, Mike focuses on building strategic objectives and guiding and empowering his team and partners. He is responsible for ensuring effective security and compliance within the Medtronic cloud and application ecosystems.
Chris Perkins, CISSP, is a Senior Principal Security Architect and application security product owner in the Medtronic Global Security Office (GSO) Cloud Security and Application Security Center of Excellence. Chris was an adviser to corporate counsel regarding electronic evidence identification, collection and analysis for litigation and investigations as a digital forensics investigator for 10 years. Since joining Medtronic in 2001, Chris has worked on cases involving intellectual property theft, fraud, employee misconduct and data privacy. He has also served as one of the company’s primary application security architects for mobile applications.
Maria Brown is a Senior Principal Cloud and Application Security Engineer in the Medtronic Global Security Office (GSO) Cloud Security and Application Security Center of Excellence. With a degree in computer systems engineering, Maria spent years as a full stack web application developer at Medtronic before joining the Cloud Security and Application Security Center of Excellence in 2017. The past development experience helps her partner with project teams to deliver integrated, achievable security goals. Her passion is automated security solutions that drive business agility while lowering support burden. Maria’s professional certifications include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and Certified Encryption Specialist (CES).
Kori Prins is a Cyber Security Analyst in the Medtronic Global Security Office (GSO) Cloud Security and Application Security Center of Excellence. Kori joined Medtronic in 2006 in the Field Services support centre and joined the Cloud Security and Application Security team in 2017. During that time, he has held multiple subject matter expert (SME) and team leader roles and worked on automating processes within the support centre. In his current role, he primarily partners with Medtronic’s application teams to assist with implementing and understanding the security applications as well as working to automate the deployment of Medtronic’s security tools and delivering their results.