File:20151014-Application Security Testing by Static Code Analysis-blitzfranklyn.pdf

Application security is in the focus of attention in a world where digitization is becoming one of the key business success factors and where current breaches show that companies face serious threats from professional hackers. Security professionals today have a broad arsenal of technologies available to secure their networks and applications, such as web application firewalls, intrusion detection systems, data leakage prevention and so forth. While these technologies assume that the underlying applications might be vulnerable, we believe that we need to bring security inside our assets: the source code. This is why we at Swisscom execute security measures inside the software development pipeline as soon as the first line of code has been written: automated application security testing in a white-box fashion at source code level, with direct feedback to the developer. In this way we secure our applications as early as possible in the lifecycle, well before they go into production.