This post is from the Arxan blog and has not been updated since the original publish date.

Last Updated Feb 13, 2019 — Application Security expert

Part 3: App Security Should Be An Integral Part Of Your DevSecOps Process — Not An Afterthought

Situations When DevSecOps Won’t Work

Though DevSecOps is getting more popular by the day and has many benefits for an organization, certain projects aren’t suitable for it.

Typically, a successful DevSecOps process should be reserved for applications running in a zero-trust environment, i.e., applications that are deployed into the outside world via app stores or made available on the public web.

What kind of applications or projects are not suitable for DevSecOps?

Legacy applications should typically be avoided when considering projects or applications to put through your organization’s DevSecOps team. Typically, these applications should be assessed using a formal pen test. Often the source code for these applications is not readily available, or it was written by a third party. As such, they should be assessed by an external team for serious violations and remediated when resources and time permit.

Applications that will run within your organization’s security perimeter, or behind its physical walls without access to the outside world, should also be avoided. These applications may contain weaknesses or may not fall in line with traditional secure coding practices, but the risk of these weaknesses being exploited is significantly lower, as they most likely would never be available to a potential attacker. As such, the stringent requirements made for your public-facing applications can be deferred, and you can prioritize your DevSecOps efforts on protecting your most critical applications.

For internal applications, you may want to consider another approach to ensure secure deployment and a level of protection via an application management solution. Arxan offers a solution which does not require a device management solution. With an app beta testing solution, deployment solutions for any device, and the ability to customize compliance or security policies, it provides an easy way to manage and secure internal apps without having to utilize your new DevSecOps process.

To learn more about how to streamline and optimize your DevSecOps process, read the next post.

 
