Complimentary Guide Presents Insights and Solutions to Enable Developers to Efficiently Implement CSA
Austin, TX, August 15th, 2023: DryRun Security, a pioneering company addressing the gap between security and developers, is thrilled to unveil their new Contextual Security Analysis guide, catered to AppSec professionals and developers. The guide, accessible at www.dryrun.security/resources/csa-guide, equips readers to scale application security across their organization. This resource offers valuable insights on security testing that fits with modern development practices at organizations using DevOps or Agile methodologies for software delivery.
Contextual Security Analysis (CSA) represents a novel approach to application security that centers on comprehending an application's functionality, identifying sensitive components, and assessing the potential security implications of code changes. CSA leverages contextual cues gathered during code development, such as code paths, functions, authors, and languages, to facilitate real-time context-aware assertions. This approach is particularly effective for modern applications characterized by distribution, microservices architecture, and substantial reliance on APIs and third-party elements. The guide from DryRun Security is an essential tool to understanding how developers can secure their applications without being security experts.
“When developers outnumber security 100 to 1, a different approach is needed,” said Ken Johnson, Co-founder & CTO, DryRun Security. “This guide pulls from my experience at GitHub, where every piece of work we performed involved calculating risk. At GitHub, we used a risk metric to guide our efforts in everything from vulnerability triage to security reviews and everywhere in between. We constantly made these risk calculations and risk-based decisions, and we did so utilizing a multitude of variables and contextually relevant data. We didn’t call it Contextual Security Analysis at the time, but looking back now that really was the origin story for Contextual Security Analysis.”
Brian Walter, CEO of OpenContext, attests to the value of Contextual Security Analysis: "DryRun Security has guided us in uncovering security vulnerabilities within lesser-explored areas of our code. Their mission aligns seamlessly with our organization's ethos, as our developer team holds security in high regard. DryRun Security technology empowers our developers to preemptively address issues during the build phase, ensuring the delivery of a secure end product to our customers." Walter anticipates that the guide will facilitate the implementation and scalability of novel application security testing, and align the security and development groups in larger organizations.
The Contextual Security Analysis guide seamlessly aligns with DryRun Security's overarching objective of bridging the gap between security and developers. This initiative presents developers, who notably outnumber security professionals, with a robust solution and guidance for CSA implementation. As the company remains at the forefront of CSA innovation, this guide expands on the security training and industry presentations Johnson and James Wickett, CEO of DryRun Security, have delivered on the subject. Notably, the DryRun Security beta program has already provided tangible instances of contextual security analysis in action, drawing significant interest for its ability to bridge the development and security divide.
For more details about DryRun Security and to access the free CSA Guide, please visit https://www.dryrun.security/.
***
About DryRun Security: DryRun Security stands as a pioneering software security enterprise, delivering automated security reviews in tandem with code development. Founded by James Wickett and Ken Johnson, the company introduces an inventive approach through Contextual Security Analysis, an exclusive method refined by training over 10,000 developers in security testing and code reviews. This innovative approach empowers developers and security teams to transcend conventional security assessment approaches, proactively addressing potential bugs prior to deployment. To learn more, please visit https://dryrun.security/.