Applications are under attack, so instead of looking for one silver bullet to protect them, enterprises need to use a combination of detection and protection techniques which span development and operations. Developers still need to run code through static code analysis scanners to find vulnerabilities during the development phase. Application security testing helps find security issues before the software goes live.
For the devops devotees, security testing and code scanning address the "dev" part of the equation, and RASP covers the "ops," as it lets teams be "proactive about vulnerabilities in their applications, instead of being reactive," Milner said.