BreachLock Named Notable Vendor in 7th Gartner® Guidance Framework for Building an Application Security Program

PR Newswire

Tue, Mar 26, 2024, 9:41 AM5 min read

In this article:

NEW YORK, March 26, 2024 /PRNewswire/ -- BreachLock, a global leader in attack surface discovery and penetration testing, has been named a notable vendor in Gartner's latest 2024 Guidance Framework for Building an Application Security Program.

BreachLock, Inc. Logo (PRNewsfoto/BreachLock)

"BreachLock is proud to be included as a notable vendor for application security alongside such security providers as Bishop Fox and Cobalt," commented BreachLock Founder & CEO, Seemant Sehgal. "As a global leader in penetration testing, our experts understand how applications and API-related data breaches can greatly affect business operations. That is why it is so important to address the increased risk early with customers to help them establish the most appropriate and robust application security program across their software development life cycle (SDLC)."

In the past two years, 60% of enterprises have experienced a data breach caused by weak API Security¹. Gartner survey data shows that 41% of organizations deprioritize security tasks for delivery speed, which is not uncommon when trying to satisfy only business requirements without considering security². To help SRM leaders drive support for an application security program, Gartner recommends providing stakeholders with key data and examples of API-related breaches coupled with internal risk assessments such as³:

Data and applications classification based on criticality
Results from application security testing (AST) which include SAST and DAST and software composition analysis (SCA) scans
Data intelligence and output from threat models
Application complexity based on code and test coverage which are fundamentally unpredictable and can lead to vulnerabilities.

At Breachlock, we agree that application security begins with ensuring our customers understand the extent of their application environment. This involves cataloging the application assets and initially focusing on a select few applications. These assets may encompass web and application servers, containers, legacy software, and APIs providing underlying services, among others. The inventory comprises all data stored and transmitted by the application, alongside metadata. By conducting this inventory, an enterprise can develop a risk profile for each application.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlights the need to take a "secure by design" approach as the most effective way to secure applications and the number of vulnerabilities that find their way into production⁴. This holistic methodology involves integrating pervasive application security measures throughout the SDLC.

The report also states that risk assessments should be as automated as possible. "At BreachLock, we find that automated application security solutions not only establish a baseline, but our built-in standardization offers consistent metrics that can be analyzed and used to foster stakeholder understanding of how application security can impact business outcomes and overall cyber resiliency," added Sehgal.

Most enterprises have incorporated SDLC processes, but most lack automation and standardization. This can often be the result of a mix of challenges such as a complex supply chain or a recent merger and acquisition. At BreachLock, we are often asked by our customers how much of their application security testing should be automated. That response differs and is dependent upon multiple factors, including security and business requirements, SLAs, the applications, APIs, and the security stack itself. Are the technology mostly legacy systems or is it mixed with a more modern software development environment? According to Gartner, application security testing is the most commonly automated security activity. Forty-five percent of organizations report having automation fully or mostly in place for application security².

In the end, application security and API-related security automation must start with an inventory of assets and the prioritization of all critical and high vulnerabilities, along with evidence of vulnerability remediations integrated into a security dashboard. The BreachLock AI-driven platform provides user-friendly dashboards with evidence via Proof of Concepts (POCs) available directly within the platform. These POCs accompany every vulnerability to better understand the context around the potential threat such as the depth of criticality and exposure to the associated asset and other assets, ease of exploitation of that application or API, and potential attractiveness by an attacker.

Following the highly effective secure-by-design approach to application security is a process that should be maintained long-term across the SDLC starting with ideation and design, through development, deployment, and maintenance. This type of upfront investment not only provides cost savings and efficiencies to fix vulnerabilities early in the development lifecycle but can put enterprises on the road to inherently long-term resilience against emerging threats.

References:

¹Michael Vizard (15 Sept 2023). Security Boulevard, Cyberattacks Increasingly Target APIs.

²2023 Gartner Security in Software Engineering Survey conducted online from 7 June through 14 July 023.

³William Dupre (2024). A Guidance Framework for Building an Application Security Program, Page 3.

⁴ Secure By Design Framework. Cybersecurity & Infrastructure Security Agency.

About BreachLock

BreachLock is a global leader in Continuous Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing and Red Teaming.

Elevate your defense strategy with an attacker's view that goes beyond common vulnerabilities and exposures. Each risk we uncover is backed by validated evidence. We test your entire attack surface and help you mitigate your next cyber breach before it occurs.

Download the BreachLock API Security Guide or read the latest blog on How to Build an Applications Security Program.

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Media Contact:

Megan Charrois
Senior Marketing Executive
megan.c@breachlock.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/breachlock-named-notable-vendor-in-7th-gartner-guidance-framework-for-building-an-application-security-program-302099653.html

SOURCE BreachLock

Analysts revamp Microsoft stock price target after earnings
Here's what could happen next to Microsoft shares.
TheStreet•9h ago
A Once-in-a-Decade Investment Opportunity: 2 Artificial Intelligence (AI) Stocks to Buy Now and Hold Long Term
These stocks could help investors turn a profit as artificial intelligence takes root across business processes and consumer products.
Motley Fool•23h ago
Despite complaints, Apple hasn't yet removed an obviously fake app pretending to be RockAuto
Apple's App Store isn't always as trustworthy as the company claims. The latest example comes from RockAuto, an auto parts dealer popular with home mechanics and other DIYers, which is upset that a fake app masquerading as its official app has not been removed from the App Store, despite numerous complaints to Apple. RockAuto co-founder and president Jim Taylor was first alerted to the situation when customers began complaining about "annoying ads" in its app -- something he said "surprised us s
TechCrunch•16h ago
1 Monster Artificial Intelligence (AI) Growth Stock Up 45,900% in 20 Years to Buy Now, According to Wall Street
Nvidia stock produced life-changing returns over the past two decades, but Wall Street analysts still see upside for shareholders.
Motley Fool•23h ago
These are the countries where TikTok is already banned
TikTok is in the crosshairs of authorities in the U.S., where new law threatens a nationwide ban unless its China-based parent ByteDance divests. TikTok is already banned in a handful of countries and from government-issued devices in a number of others, due to official worries that the app poses privacy and cybersecurity concerns. TikTok has long maintained that it doesn’t share data with the Chinese government and its CEO has taken a defiant stance, vowing to fight back.
Associated Press Finance•22h ago
Wacom's first OLED pen display is also the thinnest and lightest it has ever made
Wacom's latest pen display model is called Movink, and it's the company's first with a OLED screen. It's also Wacom's thinnest and lightest option ever, while still offering 13 inches of work space.
Engadget•17h ago
Forget Nvidia: 2 Artificial Intelligence (AI) Stocks to Buy Instead
Evolving business strategies in the tech sector might transform your investment options. Two adaptable tech giants could be more appealing than Nvidia right now.
Motley Fool•2d ago
What the New Ray-Ban Meta Smart Glasses Mean for Travelers
These AI-powered smart glasses offer an early glimpse at what on-the-go virtual travel assistants could be.
Skift•14h ago
U.S. chip bans not meant to hobble China's growth, Blinken says
U.S. export controls on sending advanced computing chips to China are not meant to hold back China's economy or technological development, Secretary of State Antony Blinken said during an interview with National Public Radio on Friday. Since 2022, U.S. officials have imposed sweeping controls on which computing chips can be exported to China, cutting off some sales from Nvidia, Advanced Micro Devices and Intel, among others.
Reuters•8h ago
Intel reports better than expected Q1 earnings but falls short on revenue outlook. Stock slides more than 5%.
Intel reported its Q1 earnings on Thursday, beating analysts' estimates. But a disappointing outlook sent shares sliding.
Yahoo Finance•1d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Yahoo Finance

BreachLock Named Notable Vendor in 7th Gartner® Guidance Framework for Building an Application Security Program

Recommended Stories

Analysts revamp Microsoft stock price target after earnings

A Once-in-a-Decade Investment Opportunity: 2 Artificial Intelligence (AI) Stocks to Buy Now and Hold Long Term

Despite complaints, Apple hasn't yet removed an obviously fake app pretending to be RockAuto

1 Monster Artificial Intelligence (AI) Growth Stock Up 45,900% in 20 Years to Buy Now, According to Wall Street

These are the countries where TikTok is already banned

Wacom's first OLED pen display is also the thinnest and lightest it has ever made

Forget Nvidia: 2 Artificial Intelligence (AI) Stocks to Buy Instead

What the New Ray-Ban Meta Smart Glasses Mean for Travelers

U.S. chip bans not meant to hobble China's growth, Blinken says

Intel reports better than expected Q1 earnings but falls short on revenue outlook. Stock slides more than 5%.