Introducing Appsec360 part 2: The approach

We built Appsec360 to address challenges in building and running a data-driven application security program by focussing on four fundamental issues I mentioned in one of my previous posts (see Part 1). Appsec360 is designed based on three pillars that influenced all our design decisions:

Transparent Security: We strongly believe that in the world of rapid development practices, security MUST be as low touch as possible while remaining effective. Based on our experience, after a baseline security review of a product is completed, 90% of subsequent releases do not require any formal interaction with the security team due to the nature of changes introduced.

Timely Intervention: We understand that inadequate oversight (mainly in security areas) will inevitably lead to adherence gaps. Our platform must provide features that will enable security teams to keep a constant tab on all releases, right from inception to release, and define triggers that will allow just-in-time intervention if needed.

Continuous Feedback Loop: We strongly believe that security teams must incentivize development teams for ongoing good work. This means that the security workload for development teams will vary depending on historical evidence of work put into their product and various other metadata points that we will collect throughout the lifecycle of a product.

End to End Management for Product Security Programs

The Appsec360 platform is designed to be a force multiplier for product security teams. It will help connect disparate sets of tools and workflows using seamless, process-based orchestration across the software development lifecycle. It will provide avenues for introducing intelligent automation where it makes sense, and it is customizable to the specific requirements of the customer organization.

This ends part 2 of this blog series we wrote to introduce Appsec360. In part 3, I will cover the benefits that a platform like Appsec360 will bring for both the application security and the development teams.



Platform to build and manage highly scalable, data driven application security programs.
