Have You Been Pwned? Defect Remediation in a Hacker’s Paradise.
By: Sean Buckley
30 million accounts on Ashley Madison. 65 million accounts on Tumblr. 152 million credentials stolen from Adobe and even more from LinkedIn. Massive data breaches are becoming an unwelcome way of life, a point not lost on Troy Hunt, a security professional and founder of haveibeenpwned.com. Troy reminds us that “data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur.” His website allows users to search their credentials against an extensive repository of compromised credentials. Many active web users find their accounts have not only been exposed, but exposed several times in different data breaches. How can you hope to improve your security if you don’t even know it needs improving?
HPE DevInspect knows how important it is to develop your applications right the first time. By providing immediate and continuous feedback to the developer on security vulnerabilities, this invaluable component of HPE Fortify helps dramatically improve the security of your code. New software is assessed inside the developer’s environment, offering deep, accurate, and actionable security recommendations as you type. By identifying errors long before the application enters formal testing, DevInspect allows you to effortlessly shift your development left, eliminating vulnerabilities at the source.
52% of web applications experience issues with input validation, cross-site scripting, SQL injection, or cross-frame scripting. As dev teams face these mounting complexities within their applications, they desperately need to accelerate defect remediation and secure their products. Luckily, DevInspect integrates perfectly into rapid agile projects to help eliminate recurrent issues dynamically. Through Fortify’s Security Assistant feature, DevInspect highlights vulnerable code and suggests changes in real time, providing detailed information you can use to correct your applications. This continual feedback will help blur the lines between your coding and testing phases, speeding up development cycles and overall defect remediation.
As the chart above details, the cost of defect remediation can balloon to over 100 times what it would have been had the error been captured and corrected earlier in development. Because it takes into account only resource and personnel inefficiencies, this metric only scratches the surface of the financial liability should security vulnerabilities compromise client information in the final product! Troy Hunt of haveibeenpwned.com elaborates further on why his website is so important: “By aggregating the data here I hope that it not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s internet.”
Indeed, you can’t be too safe on “today’s internet,” and the balance between maintaining security and punctual delivery is often on a razor’s edge. HPE Fortify with DevInspect helps tip that development scale in your favor by increasing coding efficiency with real-time feedback and an extensive pre-production suite of testing software.
Read more about DevInspect for HPE Fortify and be sure to contact ResultsPositive about our ALM training and application security consultations at this link.