New Challenges in Application Security

Oct 29, 2021

Businesses today are having to cater to an increasing demand for always-on, reliable, and secure application services to meet internal and customer expectations. With constantly fluctuating market needs, there is also the need for rapid, iterative development and deployment of applications in production. All of this has necessitated the use of models that help automate development and deployment processes efficiently. In this context, from an application security point of view, several new challenges and risks arise. As a result, solutions that offer greater visibility and control over vulnerabilities and attacks throughout the application life cycle are gaining significant importance.

GAVS recently conducted a webinar in collaboration with Hdiv Security that focused on DevSecOps and how the new IAST (Interactive Application Security Testing) and RASP (Runtime Application Self-Protection) approaches can help security teams detect vulnerabilities in on-premises and cloud applications in real time and protect their integrity even in case of infrastructure compromise.

The first panelist was Daniel Lopez Perez. He is currently the Sales Director at Hdiv Security, a pioneer in enabling application self-protection. Hdiv is the first product in its class, offering protection against security bugs and business logic flaws throughout the Software Development Lifecycle (SDLC). Daniel has over 20 years of international experience in sales, presales, and consultancy roles, in the networking and cyber security space.

Kannan Srinivasan, Head of Cyber Security Practice at GAVS Technologies, joined as our second panelist. He has over 21 years of experience and has handled multiple large cyber security transformation engagements for various clients across BFSI and Healthcare. He is a subject matter expert in DevSecOps, cloud security, infra security including SOC, vulnerability management, GRC, IDAM, Managed Security Services (MSS), and data protection & privacy.

This blog captures some of the key discussion points and takeaways from the webinar. The link to the entire webinar is available at the end of the blog.

Software Product Security – The Current Market Situation

Recently, British Airways was fined 20 million pounds for a data breach. Similarly, a critical SQL injection vulnerability exposed approximately one million financial records stored in a Starbucks enterprise database. These are just two examples of the rising security and operational issues due to the increasing adoption of technology across industries. Broadly, four main factors contribute to the growing concerns about data security:

  • Too many legacy and unreliable tools, leading to a fragmented view of the threat landscape
  • Vulnerable applications due to unidentified flaws during testing
  • Significant time spent on manual application security testing
  • No real-time protection for applications in the production environment

Today, Application Security (AppSec) is evolving into DevSecOps. DevSecOps essentially uses integrated tools within the development toolchain, including automated policy enforcement. It also provides security guardrails that help teams to maximize security and velocity. A recent survey of 250 organizations in the USA and UK states that 75% have adopted DevSecOps. This growth can be attributed to DevSecOps’ ability to offer security, quality, and resilience while offering a 30% faster time to market. The rise of DevSecOps is also a direct result of:

  • The constant change in threat vectors
  • Adoption of DevOps with the need for security testing at each step
  • An increase in microservices and containers, driven by demand for highly scalable applications that share functionality, which adds considerable complexity
  • Rising cloud adoption increases the risk of vulnerabilities and security flaws within applications

It is estimated that by 2022, 90% of software projects will use DevOps practices. It is also predicted that security testing will become the norm at every stage of CI/CD, with mandatory testing of both code and runtime.

Evolving Application Security Testing (AST)

The current state of security underscores the need for organizations to be aware of vulnerabilities such as SQL injection and of advanced security threats. Although a Web Application Firewall (WAF) is considered a security measure, it does not protect organizations from a host of vulnerabilities and attacks, including non-HTTP attacks, attacks from internal sources, IDOR, SSRF, untrusted deserialization, or padding oracle attacks.

‘The State of Application Security 2020’ by Forrester reports that Interactive Application Security Testing (IAST) overtakes DAST in the development phase. IAST adopts a ‘Code-Build-Test-Deploy-Operate’ approach that helps organizations identify issues before the launch of an application and resolve security errors that arise due to any business logic flaws. Reportedly, 32% of global security decision-makers implement IAST in the development phase while 35% implement DAST in the development phase. IAST differs from SAST and DAST mainly in that it operates inside the application. Because it has access to a broader range of data than source code analysis or HTTP scanning, it offers the following benefits:

  • Continuous vulnerability detection
  • One solution for development, quality assurance, and security teams
  • No false positives
  • Third-party vulnerability detection
  • Integrated seamlessly into the DevOps toolchain

To build a robust security system, organizations are also focusing on Runtime Application Self-Protection (RASP). RASP incorporates security into a running application. It intercepts all calls made from the app to the system, making sure they are secure, and validates data requests directly inside the app. RASP protects applications and APIs against attacks and offers various benefits, including:

  • Higher protection from various types of attack
  • Dramatic reduction of false positives
  • Ease of maintenance
  • Adaptable to new standards (JSON etc.)
  • Adaptable to cloud and DevSecOps
  • Defined perimeter
  • Scalability
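
An added illustration of the in-application interception described above (not Hdiv's code or anything shown in the webinar): a hypothetical `GuardedConnection` wraps the database sink, tracks request-supplied values, and blocks a query when such a value changes the statement's structure. The class, function names and sample inputs are constructed for this example, and the token-shape comparison is one simple detection heuristic, not a description of how any particular product works.

```python
import re
import sqlite3

# Tokens: quoted string, number, word, comment marker, any other punctuation.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\d+|\w+|--|[^\s\w]")

class BlockedQuery(Exception):
    """Request data changed the structure of a SQL statement."""

def sql_shape(query):
    """Collapse literals to '?' so only the statement's structure remains."""
    return ["?" if (t[0] == "'" and len(t) > 1) or t.isdigit() else t.upper()
            for t in _TOKEN.findall(query)]

class GuardedConnection:
    """Hypothetical RASP-style hook wrapped around the database sink."""
    def __init__(self, conn):
        self._conn = conn
        self.request_values = []  # untrusted values seen in the current request
        self.events = []          # what an agent would report to monitoring

    def execute(self, query, params=()):
        for value in self.request_values:
            # Swap the value for a harmless literal; bound values are not in the text.
            baseline = query.replace(value, "0") if value else query
            if sql_shape(query) != sql_shape(baseline):
                self.events.append(("sql_injection_blocked", value))
                raise BlockedQuery(query)
        return self._conn.execute(query, params).fetchall()

def find_user_concat(db, name):
    # Deliberately unsafe string building: the flaw the guard has to catch.
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'")

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    db = GuardedConnection(conn)
    results = {}
    for label, value in [("benign", "alice"), ("tautology", "x' OR '1'='1")]:
        db.request_values = [value]  # constructed sample request input
        try:
            results[label] = find_user_concat(db, value)
        except BlockedQuery:
            results[label] = "blocked"
        results[label + "_bound"] = db.execute(
            "SELECT name FROM users WHERE name = ?", (value,))
    return results, db.events
```

Because the guard sits at the sink, it sees the final statement regardless of how the input reached the application; the parameterized query passes untouched since the value never enters the SQL text.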

You can watch the entire webinar here, which includes poll questions, discussion of real use cases, live demo of the product, and the experts taking on audience questions.

GAVS routinely organizes insightful webinars with GAVS’ tech leaders, the leadership team, and industry thought leaders to explore current and emerging trends. To watch all our webinar recordings, please visit https://www.gavstech.com/videos/.


