Security champions and DevSecOps: Invicti at Infosecurity Europe 2022
Building effective application security programs and working with security champions in your organization were hot topics at Infosecurity Europe 2022. The Invicti team was right there, complete with a prize wheel at the booth and a strategy talk delivered by our CMO Alex Bender.
Your Information will be kept private.
Your Information will be kept private.
Hot on the heels of RSA Conference 2022 came Infosecurity Europe 2022, the UK’s biggest cybersecurity event – with Invicti in attendance as a sponsor and featured exhibitor. During an action-packed three days punctuated by railway strikes, we spoke to hundreds of people interested in application security, from existing customers coming to say hello to CISOs looking to get started with automating their security program. Invicti CMO Alex Bender also delivered a talk about the importance of security champions for building DevSecOps.
Spreading the word about Invicti
While our web security legacy spans back to the dawn of vulnerability scanning in 2005, the Invicti name is still gaining ground in the security space, especially since being recognized as a Challenger in the Gartner Magic Quadrant in April 2022. In talking to booth visitors, we were excited to explain how the Netsparker (now Invicti) and Acunetix products were combined into a single family offered under the Invicti banner. But whether or not they were already familiar with our name and products, all visitors enthused over our take on web application security. No less popular was our prize wheel, which doubtless also contributed to the intense traffic at the Invicti stand. But don’t take our word for it, here’s a video:
Security champions help companies build DevSecOps
Building security into existing development workflows is high on the agenda for the vast majority of organizations that develop their own web applications. This was confirmed in conversations at the booth, where we could see similar needs and challenges across companies of all sizes and application security (AppSec) maturity levels. Whether they already had experience with AppSec testing or were only just dipping their toes for the first time, those we chatted with agreed that building a DevSecOps process is an efficient way to maintain consistent application security at the pace of DevOps – at least in principle. In practice, combining security testing and remediation with development without jeopardizing the release schedule is always a challenge.
One way to infuse security awareness directly into your development teams is through a security champions program. Invicti’s Chief Marketing Officer Alex Bender delivered a talk about the importance of security champions for building DevSecOps where he delved into some of the reasons why you need such a program and suggested how to get there. A security champions program is one way to move away from the security team vs. development team mindset that plagues many teams and truly make security everyone’s job. By finding, fostering, and rewarding security-minded developers, companies can spread application security expertise across their development organizations to speed up remediation and improve security posture in the long run.
Customers confirm: DAST is a must
A common theme in our conversations at Infosecurity Europe was that many organizations who had shifted left purely by adding static application security testing (SAST) to their development workflows were not seeing the security improvements they’d been hoping for. Without a clear way to tell which security issues are actionable and should be prioritized, companies are struggling to get value from their security solutions. Dynamic application security testing (DAST) fills this gap by focusing on security issues that would be accessible to attackers if they made it into production.
Across dozens of demos, our engineers showed visitors how a top-of-the-range DAST solution like Invicti Enterprise can deliver accurate, reliable, and clearly prioritized results directly into issue trackers and web development pipelines. Tying back to our session on security champions, this level of integration makes it possible to resolve the majority of serious security defects entirely within the development team, with security champions providing all the additional remediation guidance that is needed. And when you get to that level of efficiency, integration, and automation, you can finally think realistically about DevSecOps.
With all of the buzz around establishing security champions programs and integrating more modern security solutions to keep up with mounting threats, we left Infosecurity Europe 2022 feeling confident about our upward growth in the industry and excited about the future of application security. Some of the chatter we heard at the booth confirms that there’s no shortage of work to be done in reducing the web attack surface of organizations without hampering software innovation – and we can’t wait to help everyone get there.
See you next year!