AI Enlisted to Secure Apps
An application security testing specialist is adding automated verification to its app scanning platform.
WhiteHat Security said this week the addition of AI-enabled verification to its application security testing framework would help developers accelerate deployment of secure web applications. The San Jose-based company claimed its automated verification tool could reduce the time needed for security scanning to a manner of seconds.
The company’s flagship platform, based on its dynamic application security testing format, draws on a data set of 95 million known vulnerabilities. The AI upgrade is intended to address the widening gap between application security and DevOps teams that must balance the demand for faster application upgrades with an expanding number of security threats.
Hence, security vendors like WhiteHat are promoting automation tools as a complement to manual application vulnerability testing.
“AI software will dramatically decrease threat vector identification times and improve the efficiency of false positive identification,” the company said Thursday (Sept. 6). “As a result, enterprises will increase the speed at which developers are made aware of potential application security vulnerabilities and deliver real-time security risk assessments.”
Security experts estimate that about one-third of the code base for enterprise applications is open source. While open source projects tend to be maintained by large groups of developers, the security record of open-source software is mixed. A case in point is Apache Struts, which was linked to last year’s massive Equifax breach.
Last month, WhiteHat and others announced a new vulnerability in the Java-based web application development platform used by an estimated 65 percent of Fortune 100 companies. Application security tools scan for vulnerabilities, then poll a national vulnerability database before flagging vulnerabilities as they are declared.
While the list of web application vulnerability scanners continues to grow, vendors such as WhiteHat are betting that the combination of automation tools and its existing security testing platform will appeal to harried DevOps teams pressed to get applications out the door.
Hence, the addition of AI software to its app security verification platorm “directly addresses the biggest current challenge for DevSecOps—getting new applications to market at the pace demanded by business while thoroughly assessing potential security risks,” said WhiteHat Security CEO Craig Hinkley.