How to Spend Less Time on Web and API Security

3 – 5 min read | 06/30/2022

With web and API security becoming an increasingly important aspect of software development, “shift left” is gaining wide acceptance as a best practice to ensure security integrates with development early. More and more cybersecurity companies are releasing relevant products and capabilities, and the practice is becoming an almost de facto standard for engineering teams.

However, the software industry has begun to realize that simply “shifting left” is not enough for a continuous delivery world. High-velocity development teams are embracing an approach where security is addressed starting from the first line of code. This means product security isn’t just delivered by the developer team but is owned by it.

Balancing security with development is easier said than done, and many challenges impede the process. Developers discuss these challenges in their communities, and it is wise to listen to them.

Challenges of API Security

Agile Development and Short Lifecycles

“The biggest challenge is that development is agile, and they are using small lifecycles,” says Yiannis Koukouras, Managing Director at TwelveSec. “Developers have a sprint of two weeks to deliver the product with very little time to spend on security. I have seen apps being finished in just eight days and then they only have two days to test the finished product,” explains Koukouras.

“You just don’t have time to build secure systems,” admits stemid85 on Reddit. Businesses are always pushing the boundaries to meet time
