Trend 3: Expanded Attack Surface
While CI/CD is evolving to meet the growing need for cloud-native software development, including container orchestration, many default application settings require additional hardening to be secure, said Jack Mannino, the CEO of nVisium, a company that helps integrate security into the development process.
One reason more people are paying attention to security issues such as server-side request forgery (SSRF), in which an attacker tricks a server into accessing data it shouldn’t, is that the attack surface has increased. Developers need to rethink the relationships between different components and how they “talk” to one another.
That is one reason businesses should not only incorporate DevSecOps into their planning but also test applications for flaws from many different perspectives.
“It is important that we perform security testing, during development and in production, from different angles to ensure we’re exercising as many code paths as possible,” Mannino said.