Application Security What is application security? Critical web applications have been subject for some time to an overall process of tracking, reporting and fixing security flaws at application level, inspired by initiatives like OWASP Top 10. Application security is a very critical area to be incorporated in a complete cybersecurity strategy so that the vast amount of application errors are reported on time, thus reducing the software application attack surface. Why it matters Exploiting vulnerabilities in the application layer is a fertile ground for attackers. 90% of the security incidents is launched by exploiting the software design and/or the code of a software application. Blue ball Green ball Yellow ball Red ball Purple ball Diagonal straight lines curves outlines X-labels-Years 0-2 years 2-5 years 5+ years Y-labels-Areas Application security © Eviden SAS 2024. All rights reserved. Maturity 0-2 years 2-5 years 5+ years 0-2 years 2-5 years 5+ years The landscape Heavy influencing of the most recent evolutions in application security on tooling to be used in the context of: • Integrated ALM with DevOps and DevSecOps • Cloudification combined with containerisation and automation, • Orientation toward API an microservices end goal of staying in front of the attackers for a change. Supply chain attacks are a key driver in the integration of application security in the entire application lifecycle Evolutions in the application field require the various types of application security testing (static, dynamic, interactive, mobile, etc.) to be embedded into the application lifecycle management (ALM) tooling in their environments, and will be able to proactively mitigate them. Emerging new trends transforming application security Modern applications and the Agile development lifecycle are among the driving forces in the fundamental changes and emerging application security trends. Crowdsourced security testing, no-code security and cloud-native application security are just a few of the fast adopted new tech trends in application security. Key figures 53% of those technologies are either already adopted by most organizations or will be in the next two years. 29% of those technologies are expected to be adopted in the next 2 to 5 years cycle. 18% of those technologies are transformational and wide spread adoption will take over 5 years. Advanced Detection & Response Cyber Incident Response Identity & Access Management Endpoint & Mobile Security Network Security Application Security Cloud Security Data Security