Application SecurityNews

Conviso presents an overview of the current Brazilian AppSec scenario

Conviso released the results of the survey “The scenario of the Brazilian Application Security market in 2022”. With the goal of studying and documenting the development of the AppSec industry, the report consolidates the answers of professionals such as information security analysts and developers from Brazilian companies of all sectors and sizes – who deal with sensitive user data.

You can also listen to this article:

One of the biggest findings of the report is that around 90.9% of the professionals understand that the responsibility for ensuring application security belongs to everyone involved in the process. The report also points out that 61.6% of respondents indicate that their companies have a specific sector for AppSec.

Compared to the study released by Conviso in 2020, there has been a 10% growth in the last 2 years, which indicates an advance in awareness of the importance of security steps during application creation.

When asked “does the company you work for have sufficient and/or satisfactory knowledge about AppSec?”, 54.5% say that the company they work for is investing in improvements in this regard. Another 21.2% answered no. Only 18.2% answered yes.

Regarding priorities when it comes to investing in AppSec, investing in AppSec training appeared as the first priority – with 26.3% of the answers, followed by investing in tools, with 14.1%. In 2020, 37.5% of respondents also reported prioritizing investments in training. The intentions of investing in tests has also decreased: in 2020, 25% of respondents prioritized it, against 13% in 2022.

According to Rodrigo Maués, Tech Lead in Conviso’s Consulting team, the results show that we are in the process of understanding the importance of best practices in secure development. “Even though the scenario is already very different from what it was a few years ago, we need to evolve in the application security culture. It’s important to look at maturity models and understand that they are not ‘locks’ and that they can be adapted to work with agile models. This will lead to better clarity on many aspects of AppSec, both for development and security teams, but as well as for business teams”, he warns.

“But it is important to note that we still have improvements for the industry. I am very satisfied with the result and this can show that our market is indeed maturing and understanding the value of delivering secure software”.

Nova call to action
About author

Articles

Communication Analyst at Conviso. With a degree in Journalism, she has 10 years of experience as a content strategist, as well as as a content editor.
Related posts
Application Security

Finding classes for exploiting Unsafe Reflection / Unchecked Class Instantiation vulnerabilities in Java with Joern

During a pentest engagement we found a Java application vulnerable to unsafe reflection [1]. This…
Read more
Application Security

Mitigating Vulnerabilities: Elevating Security Proficiency in Software Development

In the ever-evolving digital landscape, the significance of software security cannot be overstated.
Read more
Application Security

The Importance of Supply Chain to Application Security

When we think about software development, we usually think about complex technical concepts…
Read more

Deixe um comentário