Dynamic Application Security Testing (DAST) tools have been around for decades. However, what was once the dominant market solution is becoming obsolete. Primarily, this shift boils down to organizations moving to DevOps practices, which is the philosophy of getting all the teams to work closely together, throughout the SDLC, with the focus being on efficiency, fast feedback, and constant improvement. Through adoption, organizations can release code faster than ever before; sounds great, right? The downside is that the lion’s share of organizations are still knowingly releasing vulnerable Apps and APIs into the market. So, although speed has improved, security has not. By not finding vulnerabilities early enough in the SDLC, organizations are unable to take swift action to remediate and protect themselves. This is where Bright comes in.
DAST tools scan your application from the outside in, simulating an attack. Traditionally, DAST scanning was conducted during the final two stages of the SDLC: testing and release/maintenance. When releasing every couple of months, testing during the final stages didn’t pose a problem as there was still time to find and remediate vulnerabilities. However, the advent of DevOps posed a problem for these legacy tools. Equipped with new speed, organizations could now release faster than ever before. The problem was that the AppSec team could no longer keep up with this new fast-paced way of doing things. As a result, there was no time to verify that there were no vulnerabilities before release.
Understanding this, Bright’s CEO and Co-founder, Gadi Bashvitz, wondered whether Bright could create a DAST solution that would start scanning earlier in the development life cycle, thereby empowering developers to take control of their own DAST scans. In doing so, organizations can get the information they need early enough in the SDLC to resolve vulnerabilities in minutes. This saves time and money, as waiting until pre-production or production to resolve the same problem could take weeks to resolve due to heavy processes, context switching, having to redo testing, etc., affecting the entire sprint. By providing developers with tools made for them, to be implemented early on in the SDLC, organizations gain the confidence to release applications and APIs without the risk of releasing vulnerabilities into the market.
Is Bright Reinventing DAST?
Simply put, yes! By integrating DAST earlier in the system development lifecycle, Bright has helped hundreds of companies shift left.
But, you may be asking yourself, what does it mean to shift left?
Shifting left is the philosophy behind starting security earlier in the SDLC, by building it into every phase, starting from the project kick off meeting. In doing so, organizations can focus on what truly matters, releasing code. They can also save time, money, and their reputation!
Adopting a shift-left approach to our dev-centric DAST, you can find vulnerabilities earlier in the SDLC, minimizing internal friction to create a cohesive team and an overall more secure application.