
This post is from the Arxan blog and has not been updated since the original publish date.

Last Updated Feb 13, 2019 — Application Security expert

Part 3: App Security Should Be An Integral Part Of Your DevSecOps Process — Not An Afterthought



Situations When DevSecOps Won’t Work

Though DevSecOps is getting more popular by the day and has many benefits for an organization, there are certain projects that aren’t suitable for DevSecOps.

Typically, a successful DevSecOps process should be reserved for those applications running in a zero-trust environment, i.e. applications that are deployed into the outside world, via app stores or available on the public web.

What kind of applications or projects are not suitable for DevSecOps?

Legacy applications should typically be avoided when considering projects/applications to put through your organization’s DevSecOps team. Typically, these applications should be assessed using a formal Pen Test. Often the source code for these applications may not be readily available, or the applications were written by a third party. As such, they should be assessed by an external team for serious violations and remediated when resources and time permit.

Applications that will be running within your organization’s security perimeter or behind its physical walls without access to the outside world should be avoided. These applications may contain weaknesses or not fall in line with traditional secure coding practices, but the risk of these weaknesses being exploited is significantly lower, as they most likely would never be available to a potential attacker. As such, the stringent requirements made for your public-facing applications can be deferred, and you can prioritize your DevSecOps efforts on protecting your most critical applications.

For internal applications, you may want to consider another approach to ensure secure deployment and a level of protection via an application management solution. Arxan offers a solution which does not require a device management solution. With an app beta testing solution, deployment solutions for any device, and the ability to customize compliance or security policies, it provides an easy way to manage and secure internal apps without having to utilize your new DevSecOps process.

To learn more about how to streamline and optimize your DevSecOps process, read the next post.

