As organizations rapidly develop web applications and/or transition to agile development, security practices can often get overlooked. In order to meet the demand while improving the protection of applications from vulnerabilities and attacks, DevOps must expand to include information security to become DevSecOps.
The threat landscape has expanded to mobile applications accessing sensitive data. Securing mobile applications is now an integral part of a complete application security program.
Organizations can sometimes inadvertently undermine their security posture. This paper describes the 10.5 things that undermine a web application security program and how to avoid them.