I'm a developer who is working to focus more on security. My organization is currently looking at tightening security processes for internal development, and one of the initiatives is looking at API security automation tools: things like traffic profiling, DAST, fuzzing tools, etc.
I've heard a couple of people question why this is necessary when our APIs are primarily for internal use only. The argument is that malicious traffic won't be an issue because we're protected by the firewall.
I also recently saw a developer comment in here complaining about how "99% of the vulnerabilities our security team submits to us aren't even exploitable because they are private backend services."
I think this is a flawed perspective because breaches happen even with firewalls, and once an intruder gets access to the network those private backend servers become exploitable. Security should be a layered approach.
Is there more to it than this, though? What are some other reasons to push for strong development security processes beyond not putting 100% trust into the firewall? Are there some examples you could provide that would help me convince other developers of the need for more security tools and processes?

submitted by /u/Marrukaduke