About the Wabbinar

ASPM 101 was a webinar discussing Application Security Posture Management (ASPM) and its importance in modern application security programs. The session provided an overview of ASPM, its history, and how it has evolved. It also explored the key components of ASPM, how to implement it, and the benefits it can bring to an organization.

Ready to Watch the Full Wabbinar? Access ASPM 101 Here!

 Highlights

– Introduction to ASPM and its relevance in the application security arena

– A look at the history of ASPM and its evolution

– Discussion on the key components of ASPM: Vulnerability Management, Risk Management, and Observability

– How to implement ASPM and the benefits it can bring to an organization

Takeaway 1: The concept of Application Security Posture Management (ASPM) has become critical in modern application security programs.

Brittany Greenfield, the CEO and founder of Wabbi, emphasized the importance of ASPM, which analyzes security signals across software development, deployment, and operation to improve visibility, better manage vulnerabilities, and enforce controls. “We’re moving further and further away from just talking about testing to really what a holistic application security program relies on,” she asserted. Greenfield delineated the evolution and struggle of integrating security into the software development lifecycle which led to the emergence of ASPM.

She highlighted the three key components of ASPM – vulnerability management, risk management, and observability. According to Greenfield, “ASPM, which Wabbi has been doing before it was a term since we were founded in 2018, is really about bridging that gap between security and development.”

Takeaway 2: ASPM provides a comprehensive approach to vulnerability and risk management. 

Greenfield stressed that ASPM is not about introducing another tool, but rather about merging processes. She argued that good vulnerability management includes having scheduled scans, scoring vulnerabilities in the context of the application, and having no noise ticket integrations. She also underlined the importance of managing risk separately at an application level.

She elucidated, “You can’t secure everything. As I mentioned, secure code is not locked up code, but you have to make the decision about what risk you’re willing to take on each application.” She further explained that ASPM is about transforming data into actionable insights and empowering dynamic management of an application security program.

Takeaway 3: Implementing ASPM should be a gradual, incremental process.

Starting small, codifying processes, and integrating with DevOps tools were the three ways Greenfield proposed to implement ASPM. She advised to pick the most urgent pain point and grow from there, while making sure to have a comprehensive ASPM platform. She also stressed the importance of codifying processes and not relying on Excel.

She suggested, “Start small with some of the Use cases… Don’t be afraid early on to integrate with DevOps tools. That could be something as simple as just the ticketing system. But make sure you’re getting that feedback about where you are in the lifecycle of that application’s development.” She emphasized that ASPM is not just about tool integration, but about bridging the gap between security and development processes.

Insights surfaced

– ASPM is a critical part of modern application security programs, providing visibility, managing vulnerabilities, and enforcing controls.

– ASPM has evolved from the early days of DevSecOps, with a shift towards a more holistic approach to application security.

– Key components of ASPM include vulnerability management, risk management, and observability. These components together enable organizations to manage application security effectively.

– Implementing ASPM involves starting small, codifying processes, and integrating with DevOps tools. It’s also important to have Software Development Lifecycle (SDLC) awareness and manage risk separately at an application level.

– ASPM can bring several benefits to an organization, including a unified application security program, context-based orchestration, and dynamic requirements management.

Key quotes

– “ASPM is a critical underpinning to today’s modern application security programs.”

– “We’re moving further and further away from just talking about testing to really what a holistic application security program relies on.”

– “ASPM is about merging processes and if you can’t see what’s happening on the development side, on the software development lifecycle, then there’s no way to actually merge the processes.”

– “You need to have a way to get as granular as saying this application has this risk profile and therefore here are all the policies that we’re implementing to do that.”

– “ASPM is really about bridging that gap between security and development.”

Ready to Watch the Full Wabbinar? Access ASPM 101 Here!