Intelligent CIO Africa Issue 73 | Page 63

INTELLIGENT BRANDS // Software for Business

CA Southern Africa and Veracode reveal best practices for container security

As cybersecurity risks steadily increase, application security has become crucial. That means secure coding practices must be part of every developer's skill set. Craig De Lucchi, Account Director at CA Southern Africa, explains that how code is written, and the steps taken to update and monitor it, have a big impact on organisations and their applications.

"There are a number of steps that developers can take to help secure software containers, such as enforcing the use of trusted container image repositories, eliminating image clutter by continuously monitoring what's inside the container, and using secrets management tools to protect sensitive data," said De Lucchi, confirming that scanning software containers for vulnerabilities is also critical.
"Historically, it was standard practice for security teams to perform testing near the end of a project and then hand the results over to developers for remediation. But best practices direct that tackling a list of fixes just before the application is scheduled to go to production is no longer acceptable as it increases the risk of a breach. The tools and processes necessary for manual and automated testing during coding are what's required."
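Two of the container practices De Lucchi names above, enforcing trusted image repositories and keeping secrets out of container configuration, can be turned into an automated pre-deployment check. The following Python is an added example and not code from CA Southern Africa, Veracode or this article; the allowlisted registries, the secret-name pattern and the sample Pod manifest are all constructed for illustration, and the check also flags images that are not pinned to a digest, which is one way to keep what runs in a container from drifting from what was scanned.

```python
"""Policy checks for a Kubernetes Pod manifest: trusted registries, digest
pinning and literal secrets in environment variables.

Added example, not vendor code. Registry names and manifests are constructed.
"""
import re

# Hypothetical allowlist of registries the organisation trusts (assumption).
TRUSTED_REGISTRIES = ("registry.example.internal", "ghcr.io/example-org")

# Environment variable names that commonly carry credentials (heuristic).
SECRET_NAME_PATTERN = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)


def image_registry(image: str) -> str:
    """Return the registry/namespace prefix of an image reference.

    'ghcr.io/example-org/app:1.2'  -> 'ghcr.io/example-org'
    'redis:latest' (no registry)   -> 'docker.io/library'
    'localhost:5000/app'           -> 'localhost:5000'
    """
    name = image.split("@", 1)[0]          # drop any @sha256:... digest
    last_colon = name.rfind(":")
    if last_colon > name.rfind("/"):       # a ':' after the last '/' is a tag
        name = name[:last_colon]
    parts = name.split("/")
    if len(parts) == 1:                    # bare name: Docker Hub official image
        return "docker.io/library"
    first = parts[0]
    # A first component with a dot, a port or 'localhost' is an explicit registry.
    if "." in first or ":" in first or first == "localhost":
        return "/".join(parts[:-1])
    return "docker.io/" + "/".join(parts[:-1])


def is_trusted(registry: str) -> bool:
    """True if the registry prefix matches an allowlisted registry or a sub-path of one."""
    return any(registry == t or registry.startswith(t + "/") for t in TRUSTED_REGISTRIES)


def check_pod(manifest: dict) -> list[str]:
    """Return human-readable policy findings for a Pod-like manifest (empty = clean)."""
    findings = []
    spec = manifest.get("spec", {})
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    for c in containers:
        cname = c.get("name", "<unnamed>")
        image = c.get("image", "")
        reg = image_registry(image)
        if not is_trusted(reg):
            findings.append(f"{cname}: image '{image}' is not from a trusted registry ({reg})")
        if "@sha256:" not in image:
            findings.append(f"{cname}: image '{image}' is not pinned to a digest")
        for env in c.get("env", []):
            # A literal 'value' on a credential-looking variable bypasses the secret store.
            if SECRET_NAME_PATTERN.search(env.get("name", "")) and "value" in env:
                findings.append(
                    f"{cname}: env '{env['name']}' carries a literal secret; "
                    "use a secret store (e.g. valueFrom.secretKeyRef)"
                )
    return findings


# Constructed sample: one compliant container, one that breaks all three rules.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "billing"},
    "spec": {
        "containers": [
            {
                "name": "api",
                "image": "ghcr.io/example-org/api@sha256:" + "0" * 64,
                "env": [{"name": "DB_PASSWORD",
                         "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}],
            },
            {
                "name": "cache",
                "image": "redis:latest",
                "env": [{"name": "REDIS_PASSWORD", "value": "hunter2"}],
            },
        ]
    },
}

if __name__ == "__main__":
    for finding in check_pod(SAMPLE_POD):
        print(finding)
```

Run against the constructed manifest, the `api` container produces no findings while `cache` produces three (untrusted registry, unpinned tag, literal password). In a pipeline the same function would run over every manifest before it is admitted, which is the "testing during coding" rather than "just before production" that the article argues for.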
Additional Veracode software testing services include:
• Veracode Static Analysis IDE Scan is a solution that runs in the background of a developer's IDE to provide immediate alerts and feedback about potential flaws as code is being written
• Veracode Dynamic Analysis is a web application scanner service that inventories all public-facing web applications and performs both lightweight, production-safe scans and deep scans to identify potential vulnerabilities
Veracode Static Analysis is an easy-to-use testing methodology that lets developers quickly scan web, mobile and desktop applications. With Veracode Static Analysis, developers can quickly identify and remediate vulnerabilities like cross-site scripting and SQL injection without having to manage a tool.
Its patented technology scans binaries, eliminating the need for access to source code. Results are provided within four hours for 80% of scans and 90% of scans are completed within a day. With highly accurate results that are prioritised based on severity and include a step-by-step remediation plan, developers can fix flaws faster while avoiding wasting time on false positives.
Craig De Lucchi, Account Director, CA Southern Africa
www.intelligentcio.com