How responsible are developers for application security?

There are many different roles within a company, and each plays a part in the security of your information and your web applications. When a vulnerability is found, it is vital to establish how it was introduced and to review the competencies of the staff involved.

That review should take into account the seniority, pay and experience of each staff member. For example, if a developer has assured you that the application is secure, was the vulnerability a reasonable oversight, or something they should have known about and guarded against at their level?

Developer’s view of application security

According to GitLab, almost 40% of developers felt that they were solely on the hook for security. Only one-third said they shared the burden of security with other teams.

The same GitLab survey suggests employers don’t look for security skills when hiring developers: they are more concerned with shipping a working product and with how easily the project can be handed over. Developers echo this, admitting that they feel they lack proper security guidance.

Developers already have to master so many languages, frameworks and methodologies that you cannot expect your platform to be flawless unless you also pay for cybersecurity expertise.

On top of that, business owners are responsible for having a BC/DR (Business Continuity and Disaster Recovery) plan, which should a) set out what happens in the event of a cybersecurity incident and b) assign security roles and tasks to specific, named personnel.

Achieving application security

Web application security is one branch of information security, which covers everything the business holds and processes. Finger-pointing after an incident is pointless. Web app security starts with developers, but it is up to each individual to ensure that they and their team are both knowledgeable about, and compliant with, the BC/DR and security policies.

Above all, a security culture must exist that shifts security left, so that it is considered from the initial stage of the development process (requirements and design) rather than at release. Bolting security on at the end is a route to failure, with successful attacks and data breaches sure to follow.

Application development should include both compliance testing and penetration testing. Penetration testing does not guarantee security, but it finds weaknesses and exploitable vulnerabilities before an attacker does, by exercising the application with the same manual and automated techniques and methodology an attacker would use.
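One way developers can own the outcome of a penetration test, rather than leaving security to the end, is to turn each finding into an automated pre-release check. The following is an added example, not code from the article or from Omnicyber Security: it uses a constructed in-memory SQLite table and two hypothetical lookup functions, one built by string concatenation (the kind of weakness a tester finds with a classic injection payload) and one using a parameterised query, and a gate function that fails the build if the tester's payload still returns more than it should.

```python
import sqlite3

# Constructed sample data for the example: a minimal users table.
SAMPLE_USERS = [("alice", "hash-of-alice"), ("bob", "hash-of-bob")]

# A payload a penetration tester would try against a login/lookup form.
INJECTION_PAYLOAD = "' OR '1'='1"


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, username):
    """Hypothetical 'bolted on later' version: user input is spliced into SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_fixed(conn, username):
    """Hypothetical fixed version: the driver binds the value as data, not SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def lookup_with_payload(lookup):
    """Run a lookup function against the tester's payload on fresh sample data."""
    return lookup(make_db(), INJECTION_PAYLOAD)


def pre_release_gate(lookup):
    """Regression check derived from the finding: the payload must match no user.

    Returns True when the lookup is safe, False when the build should fail.
    """
    return lookup_with_payload(lookup) == []


if __name__ == "__main__":
    for name, fn in (("vulnerable", find_user_vulnerable), ("fixed", find_user_fixed)):
        print(name, "rows for payload:", lookup_with_payload(fn),
              "| gate passes:", pre_release_gate(fn))
```

Once the finding is captured like this, the gate runs on every merge and pre-release build, so the same class of defect cannot quietly return after the annual test has been signed off.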

Contact Omnicyber Security for a free consultation and to arrange CREST-certified annual and pre-release web application penetration testing.

