{"id":40222,"date":"2021-03-30T14:04:57","date_gmt":"2021-03-30T14:04:57","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32149\/Application-Security-Tactics-Are-Due-For-An-Overhaul.html"},"modified":"2021-03-30T14:04:57","modified_gmt":"2021-03-30T14:04:57","slug":"application-security-tactics-are-due-for-an-overhaul","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/application-security-tactics-are-due-for-an-overhaul\/","title":{"rendered":"Application Security Tactics Are Due For An Overhaul"},"content":{"rendered":"<div class=\"wysiwyg\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"614\" src=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-1024x614.jpg\" alt class=\"wp-image-112862\" srcset=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-1024x614.jpg 1024w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-300x180.jpg 300w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-768x461.jpg 768w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-860x516.jpg 860w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-156x94.jpg 156w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-312x187.jpg 312w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680-640x384.jpg 640w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/02\/50937334417_28ebe8d743_o-e1613785859680.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><figcaption>The Biden administration is reportedly preparing a raft of software-related security measures designed to prevent 
breaches like the one that hit SolarWinds and its customers. (Official White House Photo by Adam Schultz)<\/figcaption><\/figure>\n<p>Collectively racking up a victim count in the tens of thousands, high-profile attacks targeting users of SolarWinds Orion and Microsoft Exchange serve as a harsh reminder that threats to software security remain one of the biggest issues facing the security landscape today.<\/p>\n<p>And yet, even as both government and industry acknowledge the severity of the situation, strategies are fragmented at best, elusive at worst.<\/p>\n<p>Indeed, evidence shows that the attack surface around applications is getting larger. Bugcrowd, which offers a platform allowing companies to connect their applications to a community of thousands of security researchers who root out bugs and vulnerabilities, <a href=\"https:\/\/www.bugcrowd.com\/resources\/reports\/bugcrowd-priority-one-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">reported<\/a> a 50 percent increase in total bug bounty submissions in 2020 compared to 2019. That tracks with other research that has found a record number of new vulnerabilities reported over the past year, many of which target faulty or shoddy software programs.<\/p>\n<p>At the very least, the issue appears to be gaining more attention in board rooms and among policymakers. 
In a survey of more than 2,400 security technology decision-makers conducted by Forrester in 2020, improving application security capabilities and services was listed as the top tactical IT security priority over the next 12 months, a sign that businesses are starting to confront the growing threat head on.<\/p>\n<p>The Biden administration is also poised to take action, with Reuters <a href=\"https:\/\/www.reuters.com\/article\/us-usa-biden-cyber-exclusive-idUSKBN2BH37I\" target=\"_blank\" rel=\"noreferrer noopener\">reporting<\/a> that an upcoming executive order is likely to implement a raft of software-related security measures designed to prevent breaches like the one that hit SolarWinds and its customers. Specifically, the order would obligate software vendors who do business with the federal government to report a breach of their systems, and also require a software bill of materials on critical government IT programs.<\/p>\n<p>But there\u2019s a long way to go \u2013 and much more work to be done \u2013 if industry and government are going to succeed in stemming the rising tide of software-based attacks they\u2019re facing on a daily basis.<\/p>\n<p><strong>A complex picture<\/strong><\/p>\n<p>The introduction of the cloud, APIs, open-source code and containerization has only added further complexity to the software development process. 
More recently, in the wake of the COVID-19 pandemic, many businesses rushed to put new apps online to continue serving their customers or moved existing ones to more unfamiliar cloud environments in ways that have created new security holes and oversights.<\/p>\n<p>Software applications have always been vulnerable \u2013 hence the development of concepts like DevSecOps \u2013 but a number of factors have combined in recent years to supercharge existing concerns.<\/p>\n<p>Sandy Carielli, a principal analyst at Forrester who serves as the lead author for the company\u2019s <a href=\"https:\/\/www.forrester.com\/report\/The+State+Of+Application+Security+2021\/-\/E-RES164041?objectid=RES164041\" target=\"_blank\" rel=\"noreferrer noopener\">annual report<\/a> on the state of application security, told SC Media that applications are still one of the most common attack vectors in external data breaches, but awareness is rising at the executive level and newer tools like static and dynamic application security testing and SOAR (security orchestration, automation and response) have made it easier than ever to integrate security during the code-writing process. That being said, the aforementioned changes to the software development process over the years mean there are always new considerations or weaknesses to which practitioners have had to adapt.<\/p>\n<p>\u201cIf I was going to summarize it in one sentence, I would say \u2018Not great, but moving in the right direction,\u2019\u201d said Carielli when asked to evaluate the current state of app security. 
\u201cOne caution, though, is that yes, it\u2019s slowly starting to get better, but every time we change the way we build applications, every time we advance in terms of how we architect, every time we make it easier to build and manage and introduce new architectures and new structures \u2013 whether it\u2019s containers or serverless or Infrastructure as Code or APIs \u2013 every time we do that, we introduce new risk and we discover that there are new ways to breach an application that perhaps we hadn\u2019t thought about.\u201d<\/p>\n<p>The rising rate of automation in the software development process could also be creating new holes. Timur Gilmullin, DevOps team lead at security research company Positive Technologies, said most major software vendors have more or less fully automated their Continuous Integration\/Continuous Development processes over the past five years, from building components and installers to deploying them on testbeds, testing and publishing updates.<\/p>\n<p>\u201cEach of these stages is susceptible to a targeted attack,\u201d similar to the attack that corrupted an update of SolarWinds\u2019 Orion software last year, said Gilmullin.<\/p>\n<p>Bad security can also create a negative feedback loop, where damaging vulnerabilities are exploited by bad actors, those successes are observed by new groups and those actors then dedicate more time and resources towards finding more vulnerabilities.<\/p>\n<p>Ransomware actors routinely look for easy vulnerabilities to exploit in victim organizations. 
Traditionally that has meant phishing lures, credential theft and other low-effort pathways, but some observers point to episodes like the recent weaponization of the Microsoft Exchange vulnerabilities by <a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/ransomware\/the-race-is-on-cisa-raises-alarm-bells-about-ransomware-attacks-against-microsoft-exchange-servers\/\" target=\"_blank\" rel=\"noreferrer noopener\">multiple ransomware groups<\/a> and worry that attacks at the application software level could become a more attractive option in the near future.<\/p>\n<p>\u201cThat\u2019s a space we\u2019re going to really see attackers take more advantage of moving forward,\u201d said Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks\u2019 Unit 42 research team. \u201cI think that\u2019s an area we\u2019re going to see ransomware actors move into unfortunately, because it tends to be very successful and it\u2019s got a relatively low barrier to entry once there are [proof of concept exploits] published on the internet and that\u2019s another way that attackers can potentially make a lot of money quickly.\u201d<\/p>\n<p>Concepts like DevSecOps, a framework for weaving security teams and principles earlier and more naturally into the software development process, have been around for years and were supposed to address many of the concerns around software security. However, while the concept is heavily pushed in some security circles and evangelized at conferences, many dev teams still fail to incorporate the ideas into their process, particularly for cloud-based projects. Some developers feel a lack of standardization for this methodology has hampered more widespread adoption.<\/p>\n<p>\u201cThere is a set of general recommendations and many specialized programs for monitoring security during development. 
Each of them solves one minor problem, but requires a lot of time to learn and implement,\u201d said Gilmullin, explaining why some organizations struggle to incorporate DevSecOps into their workflow. \u201cImplementing a set of tools for secure development is not easy \u2013 in the absence of proper support, training and outreach activities by the DevSecOps specialists, these tools simply will not be used.\u201d<\/p>\n<p>The more complex the development environment, the more complex the security tools used to scan, test and analyze the code integrity. While that reality can allow for more granular security testing, it can also muck up the development process and create awkward tradeoffs between security and other business goals.<\/p>\n<p>Integrating security tools into the dev process \u201cis not a one-button click thing,\u201d said Reed Loden, chief open source evangelist at HackerOne, a vulnerability coordination and bug bounty platform. It takes work and if it\u2019s not done correctly, \u201cit breaks the pipeline and that blocks developers from actually doing work,\u201d Loden said.<\/p>\n<p>\u201cSecurity has always kind of been seen as that blocking factor in a lot of ways, and so people are less apt to actually care about it, no matter the company,\u201d said Loden. 
\u201cThey just say \u2018Hey, if security is going to block me from doing something, then that\u2019s not helpful to me and I\u2019m not going to be interested in actually dealing with this [problem].&#8217;\u201d<\/p>\n<p><strong>A note of cautious optimism<\/strong><\/p>\n<p>In speaking to a range of experts, many offer the same general outlook: while the tooling and practices around software security are slowly getting better, a number of changing trends and evolutions in software development over the past decade have combined to decrease visibility and increase the vulnerability and attack surface.<\/p>\n<p>Gary McGraw, a software security expert and co-founder of the Berryville Institute of Machine Learning, lays out a \u201cTrinity of Trouble\u201d that is affecting the ability of software developers to spot and fix problems in their code: complexity, extensibility and widespread networking.<\/p>\n<p>As software has become more complex, it has become harder to understand how all the different pieces of code interact together and create openings for attackers. Since many applications are designed to be perpetually upgraded and expanded over time, they eventually grow beyond the analytical capabilities of most security teams. Finally, the widespread networking of IT systems and assets \u2013 particularly in the post-COVID-19 era \u2013 means that a single compromise today is often more impactful than in years past, with the potential to infect multiple systems or victims.<\/p>\n<p>One of the features expected to come out of the Biden administration\u2019s upcoming executive order is a software bill of materials. Allan Friedman, director of cybersecurity initiatives at the National Telecommunications and Information Administration, has spent years working with other stakeholders on a framework for a software bill of materials that could introduce more transparency into the software world. 
A software bill of materials (or \u201cS-BOM\u201d as Friedman and colleagues call it) is essentially a list of all the different pieces of code that go into making a software application.<\/p>\n<p>Virtually all applications are composed of chunks or snippets of older code that are stitched together by developers to perform a new function. These pieces come from different places \u2013 previous internal software, open-source code libraries or licensed third-party applications \u2013 and are recycled so much that it is often hard to know where they originally came from, or whether they share commonalities with other vulnerable software products that are regularly reported by security researchers.<\/p>\n<p>\u201cOur scope is quite ambitious. We are trying to foster an attitude of transparency in all software on the planet,\u201d said Friedman in an interview. \u201cNot just your traditional modern enterprise software, but also in areas of critical infrastructure, in automotive and energy and healthcare, where especially devices are going to be on-premise, they\u2019re going to be embedded in systems that might have a long lifespan and it\u2019s very important to know what\u2019s under the hood.\u201d<\/p>\n<p>Friedman and others believe that breaking down and tracking the provenance of these different bits of code can have numerous, multiplying effects on software security. It can feed into allow lists and deny lists to protect networks from risky code, be used to monitor potential end-of-life software issues and, once it\u2019s implemented widely enough, become a factor in consumers\u2019 security evaluations of software programs lacking an SBOM. 
It can also help inform cyber insurers, who may choose to raise premiums for companies that can\u2019t document where their code comes from.<\/p>\n<p>The research Friedman\u2019s group has done found that there are actually few implementation hurdles that would prevent many organizations from implementing an SBOM for their software beyond the general need to marshal awareness and support for the idea. One big complication is the need to harmonize and standardize the process to ensure organizations are putting out the same information consistently and in a way that can facilitate follow-up security actions.<\/p>\n<p>\u201cThe basics of SBOM are there and an organization can implement it. The challenge is if we want to implement it in a machine-readable, automatable capacity, there\u2019s still a little more work we need to do so that an SBOM from one vendor looks enough like an SBOM from another vendor that a company can integrate them,\u201d Friedman said.<\/p>\n<p>One thing that is unlikely to change is the agile nature of modern software development, which tends to emphasize speed and continuous updates in the development process. Carielli said the DevOps concept is deeply entrenched in the software development community and aligns with the larger business needs of most company executives.<\/p>\n<p>\u201cDevelopment teams are tasked with getting features in customers\u2019 hands, and ultimately that\u2019s the job of the business,\u201d said Carielli. \u201cSo, they\u2019re going to move fast, but the challenge is when security doesn\u2019t have the integration and the tooling and the relationship with development to move at that same speed.\u201d<\/p>\n<p>That doesn\u2019t mean nothing can be done, and Carielli said tighter integration between security and development teams can address a lot of these problems without fundamentally changing the nature of the modern software development cycle. 
Ironically, SolarWinds may now be one of the few companies that has given its CISO <a href=\"https:\/\/www.scmagazine.com\/home\/solarwinds-hack\/solarwinds-chief-details-changes-in-the-board-room-build-process-in-wake-of-hack\/\" target=\"_blank\" rel=\"noreferrer noopener\">the authority to hit pause<\/a> on any software update where speed and time-to-market are the prime considerations and there are outstanding security questions.<\/p>\n<p>Despite these trends, McGraw and others sounded a note of optimism that good security is still possible.<\/p>\n<p>\u201cI\u2019m optimistic that we\u2019re making progress in the software security field,\u201d said McGraw during a March 25 virtual event hosted by Neil Daswani, co-director of Stanford Online\u2019s Advanced Cybersecurity Program and author of \u201cBig Breaches.\u201d \u201cThough there will continue to be breaches and we\u2019re going to continue to have problems, we actually do know what to do to build secure software. Now it\u2019s up to us all as a society to do it.\u201d<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE 
HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40223,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[140],"class_list":["post-40222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehacker"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40222"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40222\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40223"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}