Security Automation: What is it good for?

Automation: A vital piece of the security puzzle that we should understand well
  • revealing them,
  • preventing them,
  • managing them and
  • sometimes fixing them. (Preventing and fixing mean different things: you may prevent a bug from being abused without fixing the root cause.)
  • Security automation takes a short time to complete relative to manual processes. It generally takes minutes to days to finish, depending on the scope of work.
  • Security automation is repeatable. Because of its short execution time, it can be scheduled daily, weekly, etc.
  • Security automation does not need expertise. The actual implementation of a solution, for example a static code analysis tool, requires deep understanding of programming languages, compilers and security. In contrast, executing and interpreting the results don’t require expertise to the same extent.
  • Security automation makes sure that every test is comprehensive: each individual test includes a known number of checks. Moreover, the number of checks increases as the tools get updated.
  • Security automation plays nicely with other business and technical tools (such as JIRA, ServiceNow, Jenkins, etc.) through parseable outputs and provided APIs, so one can easily feed and synchronize data in existing workflow applications.
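
To make the last two points concrete, here is an added example (not code from the article or from any product it mentions) that reads a scanner's SARIF output, turns findings into tracker-neutral tickets, and keeps a scheduled scan from reopening the same ticket on every run. The SARIF fragment, tool name, rule IDs and the `fingerprint`, `sync` and `gate` helpers are all constructed for illustration.

```python
import hashlib

# Constructed SARIF 2.1.0 fragment; tool name, rule IDs and paths are made up.
def _result(rule, level, msg, uri, line, snippet):
    return {"ruleId": rule, "level": level, "message": {"text": msg},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": uri},
                "region": {"startLine": line, "snippet": {"text": snippet}}}}]}

SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-sast"}},
    "results": [
        _result("PY-SQLI-001", "error", "SQL built by string concatenation",
                "src/db.py", 42, 'cur.execute("SELECT * FROM u WHERE n=" + name)'),
        _result("PY-SECRET-002", "warning", "Hard-coded credential",
                "src/config.py", 7, 'API_KEY = "REDACTED"'),
    ]}]}

PRIORITY = {"error": "High", "warning": "Medium", "note": "Low"}

def fingerprint(rule_id, uri, snippet):
    """Key on rule, file and code text so a shifted line number is not a new finding."""
    raw = f"{rule_id}|{uri}|{snippet.strip()}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]

def findings(sarif):
    """Flatten every run's results into tracker-neutral ticket dicts."""
    for run in sarif.get("runs", []):
        tool = run["tool"]["driver"]["name"]
        for res in run.get("results", []):
            loc = res["locations"][0]["physicalLocation"]
            uri, region = loc["artifactLocation"]["uri"], loc.get("region", {})
            yield {"key": fingerprint(res["ruleId"], uri,
                                      region.get("snippet", {}).get("text", "")),
                   "summary": f"[{tool}] {res['ruleId']} in {uri}",
                   "description": res["message"]["text"],
                   "line": region.get("startLine"),
                   # SARIF treats a missing level as "warning".
                   "priority": PRIORITY.get(res.get("level", "warning"), "Low")}

def sync(sarif, open_keys):
    """Compare this scan with keys already ticketed: (to_create, to_close)."""
    current = {f["key"]: f for f in findings(sarif)}
    to_create = [f for key, f in current.items() if key not in open_keys]
    return to_create, sorted(set(open_keys) - set(current))

def gate(sarif, block_on=("High",)):
    """Exit code for a CI step: 1 when any finding has a blocking priority."""
    return int(any(f["priority"] in block_on for f in findings(sarif)))
```

The `key` field is what gets stored on the ticket; on the next scheduled run, `sync` uses it to decide which findings are new and which tracked ones no longer appear.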

CodeThreat

CodeThreat is a static application security testing (SAST) solution. Visit codethreat.com