Skip to main content
development speed doesn't need to be slowed by security
August 19, 2016

Don’t Get Left Behind: How Security Can Keep Up With the Speed of Development

You are tasked with ensuring that critical applications soon to hit production are secure. As an application owner, you meticulously configure a dynamic scan with features you wish to enable for your scan, crawl scripts, login scripts, whitelisting and blacklisting of specific sites, and you kick off a scan. The scan runs for a few days. But the production deadline is looming, and your developers have already worked hard to fix many of the bugs that were identified by the dynamic scanner in previous scans. Your team is in a tight SDLC timeframe and doesn’t have three days to rescan the application, when you had just run a full scan days ago.   

Does this sound familiar?

You shouldn’t have to run a full scan on an application that was very recently scanned, just to check if the flaws have been fixed. What you need is the ability to quickly retest the vulnerabilities that the previous full scan had identified. Dynamic retesting is a capability that can help with quick retesting of previously identified vulnerabilities.

The first benefit to dynamic retesting is time savings. By quickly retesting vulnerabilities without performing a full crawl and audit, you increase speed, agility and ultimately savings to the bottom line.

But dynamic retesting is by no means a one-trick pony. Let me walk you through a second use case. 

As a security lead, your job is to ensure the applications from your organization are periodically scanned using the dynamic scanner of choice. You have arrived at a cadence of running the scans monthly. Last month’s scan revealed a number of vulnerabilities that you had meticulously provided to the application owners. The developers got to work and fixed many of the vulnerabilities. In addition, they also updated parts of the web application, making it more user friendly, and added a few bells and whistles. The next scan that you perform will result in many different vulnerabilities and may not match the patterns that you had seen before. This results in an issue of scan consistency, where the only option would be to manually verify flaw differences between scans. 

How do you attack this issue? 

The second benefit to dynamic retesting is better scan-over-scan consistency. Dynamic retesting can be prepended to an existing full scan workflow, to ensure previously found vulnerabilities are re-assessed automatically in the next full scan.

In the end, with dynamic retesting, you streamline security assessments, don’t slow down developers and help produce more secure code more quickly. 

Bhavna Sarathy is a Principal Product Manager for the Veracode Web Application Scanning product line. Bhavna was instrumental in building the new Veracode Dynamic Analysis as the lead Product Manager, translating vision to execution. Bhavna enjoys building new products that delight security-conscious customers, and is adept at driving cross-functional teams toward common product portfolio goals. Bhavna has 20+ years experience in IT commercial software and 8+ years in product management and strategy. Bhavna holds masters' degrees in Computer Science and Electrical Engineering from The Ohio State University.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.