Attackers increasingly focus on software vulnerabilities in what application security expert Anthony Lim calls "the invisible onslaught." How can the CISO exert more control over software development?
It all starts with acknowledging the application security challenge, says Lim, who spoke on the topic of "Application Security - The Invisible Onslaught Gets Worse" at RSA Conference Asia Pacific & Japan.
"Hackers know today that these CISOs' companies have very strong network security solutions in place," Lim says. "So, they need a new place to hack, which is the applications, the web, the cloud - simply because network security solutions do not stop application attacks."
Traditionally, CISOs have taken a hands-off approach to software development, but they need to exert a stronger influence now, Lim says. "There should be a stronger relationship between the CISOs and the development teams simply because the only way to stop security issues in application development is QA."
In an interview recorded at RSA Conference Asia Pacific & Japan, Lim discusses:
- Today's top application security challenges;
- Why security often is overlooked in software development;
- How (ISC)2 seeks to develop stronger application security skills globally.
Anthony sits on ISC2.org's Application Security Advisory Board and is a pioneer CSSLP and recipient of its Senior Professional and President's awards. He is a 20-year veteran in Asia Pacific cyber-security business development, management, practice and advocacy. Anthony was a regional security business leader at Whitehat, IBM, CA, Check Point and some other US vendors. He is a popular speaker and content contributor for many conferences, media, and government committees in AsiaPac.