
AppSec Automation: The Imperative for Speed

By Chris Hughes. August 25, 2022. Updated: January 27, 2023. 4 Mins Read
One certainty in Application Security (AppSec) is that automation must be involved. The volume of vulnerabilities is too large and changes too quickly for humans to keep up. This is especially true given the cybersecurity workforce challenges we have previously discussed: security professionals are often vastly outnumbered by their development peers, with some studies of large organizations projecting disparities as high as 100:1.

AppSec Tool Categories

The modern DevSecOps stack often consists of robust cybersecurity tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), secrets scanning, attack surface reduction tooling, antivirus, and increasingly SBOM generation and scanning, to name only a subset of common AppSec tooling categories. We’re even seeing traditionally manual tests, such as penetration testing, increasingly shift toward automation, with innovative industry leaders such as Horizon3.ai as examples.

Conducting these scans, reviews, and reporting manually is simply unrealistic for any organization, especially those interested in achieving Continuous Delivery or Continuous Deployment. Couple this with the push to “shift security left” and we’re seeing increased security testing earlier in the Software Development Lifecycle (SDLC). That said, this push needs to come with an approach that minimizes friction in development. Otherwise, it will impede the delivery of business value to customers and organizational stakeholders.

Security Activities Aren’t All Easy to Automate

While the scanning performed by many of these tool categories can be automated to some extent, the follow-on activities of analysis, mitigation, and remediation aren’t so simple to automate. These activities often require human analysis to determine the true severity of a vulnerability, its exploitability, and how it aligns with the organization’s defined risk tolerance, if one has been defined.

Another challenge for many organizations is aggregating the vulnerabilities identified by this myriad of tools. Organizations often struggle to bring together the findings from these bespoke toolchains in one place.
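As an added illustration of the aggregation and triage problem described in the two paragraphs above (not code from the article or from any vendor it names), the sketch below normalizes findings from three scanners into one record, merges duplicates, and splits the result by risk tolerance. The tool output layouts, sample findings, the "secrets are high" policy, and the `tolerance` threshold are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field

SEVERITY = ["info", "low", "medium", "high", "critical"]

@dataclass
class Finding:
    cwe: str
    location: str          # "path:line" or "package@version"
    severity: str
    tools: set = field(default_factory=set)

# Constructed sample output; tool names and field layouts are hypothetical.
SAST = [{"rule": "CWE-89", "path": "app/db.py", "line": 42, "level": "HIGH"},
        {"rule": "CWE-798", "path": "app/settings.py", "line": 7, "level": "MEDIUM"},
        {"rule": "CWE-209", "path": "app/errors.py", "line": 15, "level": "LOW"}]
SECRETS = [{"file": "app/settings.py", "lineno": 7, "kind": "hardcoded-credential"}]
SCA = [{"package": "examplelib", "version": "1.2.0", "cwe": 502, "score": 9.8}]

def normalize():
    """Map each tool's own schema onto the common Finding record."""
    for r in SAST:
        yield Finding(r["rule"], f'{r["path"]}:{r["line"]}', r["level"].lower(), {"sast"})
    for r in SECRETS:  # assumption: no severity reported; policy treats secrets as high
        yield Finding("CWE-798", f'{r["file"]}:{r["lineno"]}', "high", {"secrets"})
    for r in SCA:      # assumption: numeric score bucketed with CVSS v3 qualitative bands
        s = r["score"]
        sev = "critical" if s >= 9 else "high" if s >= 7 else "medium" if s >= 4 else "low"
        yield Finding(f'CWE-{r["cwe"]}', f'{r["package"]}@{r["version"]}', sev, {"sca"})

def aggregate(findings):
    """Deduplicate on (cwe, location); keep the highest severity and every reporting tool."""
    merged = {}
    for f in findings:
        kept = merged.setdefault((f.cwe, f.location), f)
        kept.tools |= f.tools
        if SEVERITY.index(f.severity) > SEVERITY.index(kept.severity):
            kept.severity = f.severity
    return list(merged.values())

def gate(findings, tolerance="high"):
    """Split findings into pipeline-blocking and human-triage queues by risk tolerance."""
    limit = SEVERITY.index(tolerance)
    block = [f for f in findings if SEVERITY.index(f.severity) >= limit]
    triage = [f for f in findings if SEVERITY.index(f.severity) < limit]
    return block, triage

if __name__ == "__main__":
    for name, queue in zip(("block", "triage"), gate(aggregate(normalize()))):
        print(name, [(f.cwe, f.location, f.severity, sorted(f.tools)) for f in queue])
```

The hardcoded credential reported by two tools collapses into a single finding that carries both tool names and the higher of the two severities, which is the step that manual spreadsheet aggregation tends to get wrong.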

That said, organizations are increasingly making headway towards security automation when it comes to AppSec tool scanning activities. We’re seeing robust platforms such as GitLab, which dubs itself “the one DevOps Platform,” focus on facilitating the shipping of code from planning to production in a secure and streamlined manner.

A Different Approach to Application Security

Beyond tool unification, other attempts to streamline and automate application security activities include leaders such as Snyk, which takes a developer-centric approach to application security. Snyk strives to help developers not only identify vulnerabilities in their code, containers, and dependencies, but also automate the remediation of those vulnerabilities.

This approach makes sense, given developers are often assessed on their productivity. This often involves the ability to get code and value to production faster to respond to either market pressures and demands or mission dynamics in high assurance environments, such as the Department of Defense (DoD).

It is also worth noting that the ability to quickly deliver code to production without disruption matters not only for business application work but also for vulnerability remediation and risk reduction: studies indicate that high-performing teams that can ship code to production faster are actually more stable and secure as well.

This presents a dilemma of competing pressures: fail to deliver code to production quickly, or ignore or fail to address potentially critical vulnerabilities that malicious actors can exploit, which impacts customer relationships, generates regulatory ramifications, or worse, potentially puts lives in jeopardy.

Final Thoughts on AppSec

While there’s no panacea when it comes to AppSec automation, one thing is certain: organizations are steadfast in their pursuit of time to value, facilitated by automated security testing, with the intent of minimizing friction on the business or mission while driving down organizational security risk. However, this is a delicate dance with no simple solution, and one that organizations will continue to struggle with for the foreseeable future.



Chris Hughes

CEO and Co-Founder
Aquia

Areas of Expertise
  • Cloud
  • Cybersecurity

Chris Hughes is a Cloud Wars Analyst focusing on the critical intersection of cloud technology and cybersecurity. As co-founder and CEO of Aquia, Chris draws on nearly 20 years of IT and cybersecurity experience across both public and private sectors, including service with the U.S. Air Force and leadership roles within FedRAMP. In addition to his work in the field, Chris is an adjunct professor in cybersecurity and actively contributes to industry groups like the Cloud Security Alliance. His expertise and certifications in cloud security for AWS and Azure help organizations navigate secure cloud migrations and transformations.
