October 16, 2021 A Step Towards Developing India

RASP Solutions Rise to the Challenges of Supply Chain Security

Most, if not every piece of code in production environments has dependencies. Instead of “reinventing the wheel”, developers use existing libraries to implement common functionality.

This is considered best practice since standard libraries are often well implemented. However, reused code can also come from less-trusted sources. With open source repositories like Github, anyone can create a library for a given function that someone can download and integrate into their product. While this creates opportunities for innovation, it can also create security issues. Many of these open source projects do not undergo formal code review or security testing.

As a result, the applications using these libraries may be acquiring new vulnerabilities through their dependencies. Protecting against these types of threats requires individualized and specialized security monitoring, like that provided by runtime application self protection (RASP) solutions.

The Value of Open Source Code

The argument between the virtues of open source and closed source is ongoing. While both definitely have their benefits and their liabilities, the wide availability of open source code is a valuable component of any organization’s ability to rapidly develop and deploy code.

One of the main advantages of open source libraries is efficiency. Many of the most commonly used libraries implement specialized functionality that is widely used. Often, this functionality is very difficult and time-consuming to implement correctly, so a high-quality library implementing the functionality and exposing it via easily-understood functions is extremely valuable.

Open source code is also widely considered to have significant security benefits. With closed source code, the user needs to trust that the developer performed the appropriate functionality and security tests and corrected any issues. Open source code allows the user to review the code before incorporating it into a project and exposes the source code to analysis by more researchers and tools, increasing the probability that errors will be identified and corrected.

The benefits of open source code and the lack of associated fees and licensing agreements have caused a number of development teams to incorporate it into their products. However, failing to do so in a secure manner can cause vulnerabilities to be inherited from insecure components.

Read More : Technology Make Your Life Complete And Comfortable

The Challenge of Open Source Security

While some open source code is high-quality and has undergone significant security testing, the same is not true of all of it. The nature of code sharing sites like Github mean that anyone can upload code, and there is no guarantee that appropriate security testing has been performed. While some information about the quality of the project can be extracted through analysis of the documentation and other features, there is no guarantee that a professional-looking project is secure or vice versa. As the size of organizations’ code bases grow, the complexity of security grows with it. Each dependency incorporated into a project requires comprehensive analysis at the beginning to ensure functionality and security and then analysis and application of all updates in order to be secure.

In many cases, the complexity and overhead of this analysis drives development teams not to perform any analysis at all. 40% of respondents to a DevOps survey state that they do not perform any software composition analysis (SCA), where the team attempts to identify potential vulnerabilities in their product caused by insecure dependencies.

This lack of supply chain analysis leaves an organization’s products open to attack. In 2018, 10% of the open source components that were downloaded for use in other projects had known vulnerabilities. The lack of any SCA testing by many development teams means that it is highly unlikely that these issues were identified and remediated before the components were incorporated into a product and released into production.

Addressing the Supply Chain Security Challenge

The growing complexity of the cybersecurity threat landscape makes managing the exposure of an organization’s applications a significant challenge. Each year, tens of thousands of new vulnerabilities are discovered in production software. Remaining secure requires identifying any places where the vulnerable software may be in use within the organization and applying a patch if one is available.

With the growing number of dependencies included in each application, the complexity of this analysis is increasing rapidly. The lack of formal review processes for open source code included in a product means that an organization may not even be aware that their application depends on certain software and if that software has known and exploitable vulnerabilities.

The failure to perform SCA testing by many DevOps teams demonstrates that unscalability of traditional approaches to vulnerability management. As projects become more complex and dependent on more external components, the development team is unable to keep up with proper analysis and testing of all dependencies.

A specialized threat detection and protection solution like RASP is necessary to ensure that applications cannot be exploited even if they incorporate insecure components within their supply chain. RASP provides individualized protection to an application by sitting between it and external components and monitoring the application’s inputs, outputs, and behaviors.

Based upon this in-depth analysis of the application’s actions and on machine learning models of normal behavior, the RASP solution is capable of identifying and blocking even zero-day attacks based upon their impact on the application. If an application cannot trust even its own internal dependencies and components, it needs the level of granular protection provided by a RASP solution to help ensure both its security and that of the sensitive data that it processes.

Tags: in Tech
Related Posts

Tangste Village – Explore Its History, Beauty and Tourism

September 20, 2021

September 20, 2021

Tangste is the name of a village that is situated in the Leh district of Ladakh. It is also a...

The Manhattan Bridge: A Marvel Of Engineering And Design

September 15, 2021

September 15, 2021

Considered the forerunner of the modern suspension bridge, the Manhattan Bridge is a marvel of modern engineering and design. “Although...

Top Q And A’s For Biking In New York City

September 14, 2021

September 14, 2021

As a beginning rider in New York City, you probably have many questions about biking through the city. Seeing the...

Choosing the Perfect Dining Table

September 13, 2021

September 13, 2021

In any dining room or area, the piece de resistance is always going to be the dining table. It can...

Top 4 Benefits of Multani Mitti

August 6, 2021

August 6, 2021

Multani mitti, also known as “Fuller’s Earth”, is one of nature’s best gifts that can serve as a well-rounded beauty...

4 Essential Things To Know Before You Buy Shares

July 13, 2021

July 13, 2021

Investing on shares sounds like an easy task to do and it is indeed not that hard however, investing on...

Preparation Tips for SSC GD Constable General Awareness 2021 Exam

May 25, 2021

May 25, 2021

Conducted by the Staff Selection Commission, SSC GD Constable Exam is an examination that takes place for the recruitment of...

Is The Microsoft Certification Exam 70-762 Worth It?

May 23, 2021

May 23, 2021

This test is made arrangements for data base specialists who develop and do informational collections across affiliations and who ensure...

You can say these famous writers’ love quotes on your wedding anniversary with some additional words into them: Read whole

May 9, 2021

May 9, 2021

I don’t think so that other than India a husband is very much respected in any other country. I’m not...

Longtime Attorney in Binghamton Has Been Disbarred

May 9, 2021

May 9, 2021

New York State’s Attorney Grievance Committee has forced a Binghamton attorney to close his practice after disbarment. The court decided...

Career Development: What to Do and How Can IFFCOYuva Help With It

May 9, 2021

May 9, 2021

Career development does not happen overnight; it takes time. In fact, you are bound to face plenty of roadblocks in...

4 Amazing Benefits of Chakrasana | Yoga asana for healthy lungs

March 30, 2021

March 30, 2021

Yoga is all about determining who you are and what you want to be. Yoga is the basic fundamental to...

WHAT IS BOLLY2TOLLY?

March 27, 2021

March 27, 2021

Bolly2Tolly is a piracy website that offers free online streaming of Hindi, Malayalam, Tamil, Telugu, Bengali, and Kannada films. There...

What is all about OnionPlay? | Watch Latest HD Movies and

March 15, 2021

March 15, 2021

Onionplay is a site that is dedicated for watching movies. The live streaming of your favorite shows in television is...

5 Places To Visit In The World for Adventure Lovers

March 6, 2021

March 6, 2021

Adventure! Doesn’t it sound great and amazing to you? Well, it sounds amazing to anyone who is interested in adventure...

Comments
Leave a Reply

Your email address will not be published. Required fields are marked *