Maintaining a high-quality, high-vitality development lifecycle by using modern approaches to development and automation is no small task. Like organizations around the country and around the world, you are on a journey to improve development and deployment processes to be more agile, automated, and robust.
It’s not just your development process that benefits from this effort. Improved agility and automation also enable you to deliver value to end users more quickly, and empower your team to pivot quickly in response to changing market dynamics.
Integrating application security testing into modern development and deployment approaches represents a significant change for clients. Traditional, manual methods of security testing are slow and don’t scale, and application security tools have been difficult to automate. This meant security testing approaches that didn’t keep up with continuously developed and evolving applications, tools with significant learning curves, and long security scans that don’t fit well into continuous integration workflows – and security scan results still needed an expert human to triage them, with a skill set that is expensive to acquire and hard to retain.
HCL’s premier application security offering, AppScan, is a solution that fully integrates into a DevOps strategy, allowing for complete application security evaluation as part of an agile, continuous integration development environment. AppScan already is a part of mature DevOps pipelines at numerous large customer-centric organizations.
Getting there, however, required a level of focus, skill, and investment that many organizations believe they cannot dedicate to the application security challenge. Indeed, with a finite set of resources and budget, and the legacy of technical challenges in application security, it’s not surprising that fully integrated application security testing has lagged.
It’s our welcome challenge to streamline and focus our offering so that integrating application security in DevOps is achievable for development organizations of all sizes.
First, we believe that working with AppScan should be no more difficult than with any other popular DevOps tool. As such, HCL is focusing on simple integrations for automation engineers. In parallel, finding example integration code should be a simple search engine effort.
Next, AppScan seeks to deliver actionable results for developers in DevOps timeframes – not lagging behind the development effort. Using cognitive technology to expertly triage security results from automatically configured scans with the best scan coverage means application security can truly be part of the continuous integration workflow. Results are delivered to developers in familiar, trackable, and actionable ways; application security scan results become part of issue tracking just like enhancement requests and fixes.
Rounding it out, we at HCL recognize the importance of return on investment, insight, and governance for security teams and management. AppScan can contribute to operational metrics and thus help teams with continuous improvement goals, and help corporate security teams to set security policy to be deployed and enforced throughout the organization.
The AppScan team at HCL Products and Platforms is excited for the future of our product offering and our team makes strong progress toward this vision every day. We are developing exciting new features in our lab and are eager to roll them out. We are pleased to be working with sponsor users from leading client companies across financial services, technology, retail, and other market segments. These relationships give us deep insight into the application security and development challenges users face every day: we are committed to our customers and to being the best solution for application security available in DevOps.
This DevOps user community is part of our commitment to engaging with customers and meeting your needs. We will be sharing progress here, including case studies, deep dives into application security technology, early looks at new capabilities, and how we integrate AppScan into our own DevOps workflows.
But we also want to know specifically what is of most interest to you. Please contact us if there are any topics you’d like to see covered.
Senior Technical Specialist
Connect with me on LinkedIn