Looking ahead to AFCEA WEST 2024: Building out the 7 pillars of Zero Trust

Invicti will be there in San Diego for AFCEA WEST 2024 to talk AppSec with military and federal cybersecurity leaders. Invicti’s DAST-first approach dovetails perfectly with DoD’s Zero Trust strategy, bringing integrated and automated vulnerability testing into the software development lifecycle.

Invicti is excited to be exhibiting at AFCEA WEST in San Diego on Feb 13–15 this year. Now in its 34th year, the event brings together military and industry leaders to network, discuss, and demonstrate cutting-edge technology solutions. WEST is co-sponsored by AFCEA International and the U.S. Naval Institute and focuses on industry collaboration with the U.S. Navy, Marine Corps, and Coast Guard.

Stop by Booth 934 to chat with Invicti’s experts about application security, the latest developments in the world of DAST, and proven ways to cut the noise in AppSec. Visit our booth to:

  • Get a demo to see how we’re transforming web application security
  • Grab a complimentary copy of our eBook All Eyes on Security
  • Spin the wheel to win Invicti swag

Delivering on Zero Trust fundamentals from the DoD strategy

Underpinning the cybersecurity agenda at AFCEA WEST will be the DoD Zero Trust strategy with its seven pillars, and any discussion of security in the defense sector needs to start with these foundations:

Department of Defense Zero Trust pillars
Source: DoD Zero Trust Strategy

In recent years, defense agencies have focused heavily on establishing the foundations of Zero Trust by enabling stronger authentication methods for network and application access, encrypting devices, and consolidating web access through the Trusted Internet Connections (TIC) initiative.

With those three pillars in place, the main risk of compromise now weighs on the next pillar: the everyday mission-critical applications used by agency employees and warfighters. To minimize the danger of a successful attack, every application and API needs to be scanned for vulnerabilities at multiple points in its lifecycle. Purely manual methods of application testing can no longer keep up with rigorous schedules. This is where current application security recommendations for embedding vulnerability management directly into the software development lifecycle (SDLC) fit into the DoD strategy of automation and integration.

The DoD continues efforts to streamline the software development lifecycle across its different agencies and services. The main focus has been on building software factories like the Air Force Platform One that not only provide a flexible containerized environment with Kubernetes orchestration but also maintain the Iron Bank repository of best-of-breed components that are vetted against stringent DoD security controls.

Once applications have been developed and moved into production, they need to be continually monitored to avoid compromise. This is where the final pillar of visibility, analytics, and metrics comes into play, with all software being subject to a continuous process of assessment to ensure ongoing compliance and authority to operate (ATO).

Bringing in zero-noise DAST to deliver on Zero Trust strategies

Automated dynamic application security testing (DAST) is well positioned to cover a significant part of web application and API security testing in line with the DoD’s cybersecurity strategy. Mature solutions such as Invicti’s can integrate into the SDLC for dynamic security testing in the pipeline while also operating as a production vulnerability scanner in a continuous process. Being technology-agnostic, DAST provides web vulnerability testing coverage regardless of the underlying technology stack, infrastructure, or availability of source code.

The Invicti solution is already used and trusted by a number of federal departments and agencies, including services within the DoD, so we’re looking forward to seeing you at AFCEA WEST Booth 934 to discuss how Invicti can help you deliver on your cybersecurity mission.

Zbigniew Banach

About the Author

Zbigniew Banach - Technical Content Lead & Managing Editor

Cybersecurity writer and blog managing editor at Invicti Security. Drawing on years of experience with security, software development, content creation, journalism, and technical translation, he does his best to bring web application security and cybersecurity in general to a wider audience.