Laura Stanton, a General Services Administration official, said federal agencies should develop an application security testing program that advances the adoption of various tools that continuously evaluate and address cyber vulnerabilities throughout the software development lifecycle.
“Ultimately, the goal is to create a holistic AST program of automated tools and manual testing that continuously examines applications as they are developed and continue through the SDLC,” Stanton, assistant commissioner for the office of information technology category at GSA’s Federal Acquisition Service, wrote in a blog post published Tuesday.
Some of the AST testing tools Stanton cited are Static AST, Dynamic AST and Software Composition Analysis.
She mentioned broken access control, injection and cryptographic failures as the top three app security threats and suggested best practices and AST tools that could be used to address such threats.
Stanton said agencies should consider the use of independent third-party testers for application security as part of their AST programs.
“These expert firms have the skills and certifications required to provide high-quality results and ensure applications hold up against real-world cyber attacks,” she added.
Want to learn more about the government’s efforts to address cyber threats? Attend the upcoming 2023 Cyber Summit, from Potomac Officers Club. This informative June 8 event will feature speakers such as DOD Deputy Chief Information Officer for Cybersecurity David McKeown and Department of the Air Force Chief Information Security Officer Aaron Bishop, among many others. Register here to reserve a spot today.
