The RSA 2022 conference was held in San Francisco, June 6-8, 2022. The cybersecurity industry once again hosted RSA 2022 held in person at the Moscone Convention Center in San Francisco. After a year-long hiatus due to Covid, the conference was back, stronger and timely in addressing developments from the recent past. With a huge industry focus on software supply chain attacks, here are five key application security takeaways from this year’s RSA conference:
- Application security and software supply chain attacks dominated industry attention – the past eighteen months have seen a large increase in breaches related to the software supply chain. Following incidents such as SolarWinds, the Kaseya attack, Colonial Pipeline and many more, there have been additional and more recent attacks such as the Log4J and Lapsus$ attacks, which affected Samsung, Nvidia, Microsoft, Heroku, Travis CI and many others.
- RSA Conference adopted application security as a key theme for program sessions – over the three days, June 6-8, in addition to all other product segments, DevSecOps and Software Integrity accounted for over 40 major track sessions and sandbox sessions. Subcategories included Application Security, Open Source Security, Container Security, and Cloud Security.
- Organizations are asking who is responsible for application security: the development team or the security team? This year’s RSA conference featured segment-specific sandbox areas, one of which was application security. One of the main presentations was “Extending Application Security Ownership Across the Organization”. As the need for application security increases, this session sought to answer questions such as “who is responsible for application security and code security in the organization?”. Job titles such as Application Security Engineer or Product Security Engineer are beginning to appear on development and security teams, an indicator that companies are taking code security seriously.
- Major security vendors have added or are adding application security and software supply chain security offerings to their solution portfolios. Providers such as Palo Alto Networks, Rapid7, Microsoft, Google, Amazon Cloud, Elastic Cloud, etc. have added application security as well as API security features.
- Code security solutions are a growing category – Secure Code Review, Open Source Code Security, Software Composition Analysis, and Software Bill of Materials (SBOM) are adjacent tool categories added alongside SAST and DAST tools. Infrastructure as code (IaC) has seen tremendous growth as enterprises seek to automate the tedious task of manually configuring their applications in the cloud.
What’s new at BluBracket?
In the week leading up to RSA 2022, BluBracket launched major enhancements to its cloud-based code security platform to address high-risk content in code, including in-code secrets, code leaks, access governance risks and the presence of PII, to name a few. Among the strengths is the ability to consolidate the risks present in internally developed source code contained in git repositories and combine them with the external-dependency risks reported by tools such as Snyk and others. This provides an unprecedented consolidated view of code risk. Additional features include predefined open-source recipes for BluBracket’s CLI tool, making it easier for AppSec developers and engineers to search Confluence, S3 buckets, and log files for risk, in addition to source code.
*** This is a syndicated blog from BluBracket’s Security Bloggers Network: Code Security & Covert Detection written by Pan Kamal. Read the original post at: https://blubracket.com/rsa-conference-2022-roundup-offers-a-lot-to-practitioners-of-devsecops-and-application-security/