What Is Application Security?

October is National Cybersecurity Awareness Month in the US, and by extension for most of the world. Many people in the hacking community are against using cybersecurity to describe the industry, but it is a lost battle. Having a common language is necessary if we want the general population to care about their computers’ and data’s security. Plus government and businesses have adopted it.

When people ask me what I do for a living, I say cybersecurity. Their response is usually an “Ok, cool” and occasionally follow-up with “So, what are you exactly securing?” Software is my response. It is probably one of the most transcendent pieces of technology the world has ever seen. It has created the most wealth and impacted our lives, for better or worse, more than almost any other technology.

Software is just the set of instructions and data that tells a computer what to do. It can range from a basic program that prints “Hello World” in a terminal to the millions of lines of code that make a web browser like Chrome. The earliest pieces of software were written and ran in the 1940s. However, it did not realize its full potential until the arrival of personal computers in the 1970s and 1980s. Since then, software has become embedded and necessary for our everyday life.

I believe that software is going to become “One” with us in the not-so-distant future. Either by us constantly wearing it on our phones, watches, glasses, etc. To implanting the technology directly into our bodies. Its security and privacy is and will become a human-right

When I talk with other people in the cybersecurity industry, I tell them I work as an Application Security Consultant. Application Security is the art and science of securing every type of software. My main job is supporting software developers in the creation of secure software. We work together to find and remediate security vulnerabilities during the SDLC (Software Development Life Cycle).

supporting developers in building secure applications

Developers!

Software developers’ job is already demanding and time-consuming when maintaining or developing new features for their applications. Part of my job as an Application Security Consultant is to use the appropriate tools and techniques to find vulnerabilities. I will also educate developers on the most common vulnerability types found in their applications and how to fix them in their code. At the end of the day, the developers are the owners of their applications so they have the final say.

There is a huge problem in software security which is that there are not enough of us. For every hundred or so developers, there is barely one of us in AppSec. I do not have an answer on how to bring more people in. The tech industry in general is struggling to keep up with the demand. Feel free to reach out if you are interested in joining us in Application Security.