Security Automation: What is it good for?

Automation is a key process for secure software development. It is a requirement because we are extremely short on security resources and we need to keep up with the speed at which code moves from development to production. This is Bedirhan, and in this post I'll try to explain what security automation brings to our uncertain battle against hackers. Equally importantly, I'll try to list what we should know about any security automation technology, so that we never assume the battle is won just because we have the tools in place.

Automation: A vital piece of the security puzzle that we should understand well
  • preventing them,
  • managing them and
  • sometimes fixing them. (Preventing and fixing are different things: you can prevent a bug from being exploited, for example by blocking the triggering input at the perimeter, without fixing its root cause in the code.)
  • Security automation is repeatable. Because a run takes little time, it can be scheduled daily, weekly, or on every build.
  • Security automation lowers the expertise needed to run a test. Building a solution, for example a static code analysis tool, requires a deep understanding of programming languages, compilers and security; running it and triaging its results does not require expertise to the same extent.
  • Security automation makes every test consistent: each run applies the same known set of checks, and that set grows as the tool is updated. Note that this is a guarantee of consistency, not of completeness; a weakness the tool has no check for will never show up in its report.
  • Security automation plays nicely with other business and technical tools (such as JIRA, ServiceNow, Jenkins, etc.) through parse-able outputs and provided APIs, so findings can be fed into, and kept in sync with, the workflow applications already in use.
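As an added example (not CodeThreat's code and not part of the original post), here is the kind of glue a pipeline step needs in order to act on the parse-able output and APIs mentioned above: it de-duplicates findings with a stable fingerprint so that a scheduled re-run does not re-open tickets for issues already filed, filters out findings the tracker already knows, and decides whether the build should fail. The JSON report, its field names, the severity levels and the ticket payload are all constructed for this example and are not the output format of any particular tool; a real step would read the report from disk and call the tracker's REST API where this one only builds the payload.

```python
"""Added example: consuming a SAST tool's machine-readable output in a CI step.

Everything below is constructed for illustration. The report shape is a
simplified one invented for this example, not the format of CodeThreat or
any other tool, and the tracker payload is tracker-neutral.
"""
import hashlib
import json

# Constructed sample report: what one scheduled SAST run might emit.
# The third result deliberately repeats the first, as tools sometimes do
# when the same sink is reached through two paths.
SAMPLE_REPORT = json.dumps({
    "tool": {"name": "example-sast", "version": "1.4.0"},
    "results": [
        {"ruleId": "SQLI-001", "level": "error",
         "message": "String-concatenated SQL query",
         "location": {"file": "src/db/users.py", "line": 42}},
        {"ruleId": "XSS-003", "level": "warning",
         "message": "Unescaped output in template",
         "location": {"file": "src/web/views.py", "line": 118}},
        {"ruleId": "SQLI-001", "level": "error",
         "message": "String-concatenated SQL query",
         "location": {"file": "src/db/users.py", "line": 42}},
        {"ruleId": "HARDCODED-SECRET", "level": "note",
         "message": "Possible credential in source",
         "location": {"file": "tests/fixtures.py", "line": 7}},
    ],
})

# Severity ordering assumed for this example's three levels.
SEVERITY_RANK = {"error": 3, "warning": 2, "note": 1}


def fingerprint(result: dict) -> str:
    """Stable identity for a finding across runs.

    Keyed on rule, file and message but not on line number, so a ticket
    opened after Monday's run is still matched on Tuesday's run even if
    unrelated edits shifted the code a few lines.
    """
    loc = result["location"]
    key = f'{result["ruleId"]}|{loc["file"]}|{result["message"]}'
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def parse_report(report_json: str) -> dict:
    """Parse the tool output and de-duplicate findings by fingerprint."""
    report = json.loads(report_json)
    findings = {}
    for r in report["results"]:
        fp = fingerprint(r)
        findings.setdefault(fp, {**r, "fingerprint": fp})
    return findings


def new_findings(findings: dict, known: set) -> list:
    """Findings whose fingerprint is not already tracked (e.g. filed in JIRA)."""
    return [f for fp, f in findings.items() if fp not in known]


def gate(findings: dict, fail_at: str = "error") -> bool:
    """CI gate: True (pass) unless a finding at or above fail_at is present."""
    threshold = SEVERITY_RANK[fail_at]
    return all(SEVERITY_RANK[f["level"]] < threshold for f in findings.values())


def ticket_payload(f: dict) -> dict:
    """Tracker-neutral issue payload; map these fields onto the real API."""
    loc = f["location"]
    return {
        "title": f'[{f["ruleId"]}] {f["message"]} ({loc["file"]}:{loc["line"]})',
        "severity": f["level"],
        "external_id": f["fingerprint"],  # lets the next run find this ticket
    }


if __name__ == "__main__":
    findings = parse_report(SAMPLE_REPORT)
    # Pretend the XSS finding was filed by an earlier run.
    xss = next(f for f in findings.values() if f["ruleId"] == "XSS-003")
    for f in new_findings(findings, {xss["fingerprint"]}):
        print(json.dumps(ticket_payload(f)))
    print("gate:", "PASS" if gate(findings) else "FAIL")
```

Fingerprinting on rule, file and message rather than on line number is a deliberate trade-off: it keeps tickets stable across unrelated edits, but two genuinely distinct instances of the same rule in the same file with the same message collapse into one ticket, so the triage workflow should expect to split such tickets occasionally.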

CodeThreat is a static application security testing (SAST) solution. Visit codethreat.com
