Application security differs from other forms of security in the number of people it affects. Unlike installing a firewall or anti-virus software, an application security program will affect the everyday routines of many employees in many departments throughout your organization. And you need those employees to buy in to the goals and policies of your program for it to succeed. Want a good way to get that buy-in? Get a quick win. When you quickly show progress and results, stakeholders will take notice and be more willing to give their support, and funds, to your program.
An excellent quick-win starting point is web application security. Web applications are your most public, and often most vulnerable, software. And they present a unique challenge in that they are popping up all the time, and no one really has a handle on how many are out there. Organizations end up with web apps on their perimeter that they no longer want or need, or even know about, but that are exposing them to cyberattacks. However, with the right tools, this high risk also makes web apps a quick, high-profile win. Using an automated discovery tool, you can quickly discover how many web apps you have and which pose the greatest threat. With this information, you can shut down apps that are no longer necessary and make a solid plan for addressing the riskiest of the remaining ones. With just those few steps, you’ve improved the security posture of your company and proven the concept of your bigger application security plan.
Check out our new guide, Quick Wins: Why You Must Get Defensive About Application Security, for more details on proving the value of your AppSec program with a quick win.