DryRun Security Introduces Contextual Security Analysis (CSA) Guide for AppSec

Complimentary Guide Presents Insights and Solutions to Enable Developers to Efficiently Implement CSA

DryRun Security, a pioneering company addressing the gap between security and developers, is thrilled to unveil their new Contextual Security Analysis guide, catered to AppSec professionals and developers. This resource offers valuable insights on security testing that fits with modern development practices at organizations using DevOps or Agile methodologies for software delivery.

AiThority Interview Insights: AiThority Interview with Bret Greenstein, Partner, Data & AI at PwC

“When developers outnumber security 100 to 1, a different approach is needed”

Contextual Security Analysis (CSA) represents a novel approach to application security that centers on comprehending an application’s functionality, identifying sensitive components, and assessing the potential security implications of code changes. CSA leverages contextual cues gathered during code development, such as code paths, functions, authors, and languages, to facilitate real-time context-aware assertions. This approach is particularly effective for modern applications characterized by distribution, microservices architecture, and substantial reliance on APIs and third-party elements. The guide from DryRun Security is an essential tool to understanding how developers can secure their applications without being security experts.

Read More about AiThority Interview: AiThority Interview with Rebecca Jones, General Manager at Mosaicx

“When developers outnumber security 100 to 1, a different approach is needed,” said Ken Johnson, Co-founder & CTO, DryRun Security. “This guide pulls from my experience at GitHub, where every piece of work we performed involved calculating risk. At GitHub, we used a risk metric to guide our efforts in everything from vulnerability triage to security reviews and everywhere in between. We constantly made these risk calculations and risk-based decisions, and we did so utilizing a multitude of variables and contextually relevant data. We didn’t call it Contextual Security Analysis at the time, but looking back now that really was the origin story for Contextual Security Analysis.”

Brian Walter, CEO of OpenContext, attests to the value of Contextual Security Analysis: “DryRun Security has guided us in uncovering security vulnerabilities within lesser-explored areas of our code. Their mission aligns seamlessly with our organization’s ethos, as our developer team holds security in high regard. DryRun Security technology empowers our developers to preemptively address issues during the build phase, ensuring the delivery of a secure end product to our customers.” Walter anticipates that the guide will facilitate the implementation and scalability of novel application security testing, and align the security and development groups in larger organizations.

The Contextual Security Analysis guide seamlessly aligns with DryRun Security’s overarching objective of bridging the gap between security and developers. This initiative presents developers, who notably outnumber security professionals, with a robust solution and guidance for CSA implementation. As the company remains at the forefront of CSA innovation, this guide expands on the security training and industry presentations Johnson and James Wickett, CEO of DryRun Security, have delivered on the subject. Notably, the DryRun Security beta program has already provided tangible instances of contextual security analysis in action, drawing significant interest for its ability to bridge the development and security divide.

 Latest AiThority Interview Insights : AiThority Interview with Dan O’Connell, Chief AI & Strategy Officer at Dialpad

 [To share your insights with us, please write to sghosh@martechseries.com]