Categories: Application Security

Developers lack Application Security Skills. Do You Agree?

[adsenseyu2]

In my experience, I have found that almost 95% of application developers lack application security skills and at times, tend to complete their journey without knowing much of the security technologies and related skills. Ask them if they wrote secured code, and almost in 90% of cases, they may say “don’t know” or say, “yes, wrote parameterized queries”.

They say, “Its Not My Job”

I talked to some of the developers at different experience levels and found some of the following as their answers:

  1. Use secured frameworks, so why bother?: Well, frameworks that are used for application development takes care of security aspects. So, we rely upon these frameworks for security concerns and not pay much attention at the time of development.
  2. I don’t have enough time: Some of them said that they do not get enough time for paying attention to security concerns after writing code for business functionality and unit testing.
  3. I don’t have enough skills: Some of them said that they are not aware of what does it take to write secured code. More so, they are unaware of when to start planning for security while doing application development? This is primarily attributed to lack of security awareness and related training across the organization.
  4. That’s not my job: Some of them said that that’s not their job. Their company has hired a set of security officers to conduct application security planning including architecture & design considerations, development best practices, code review and testing.
  5. Unclear security requirements: Some of them interestingly pointed that they do not come to know about clear security requirements and this is why it goes unaddressed/unnoticed.
  6. I don’t have hacker’s mindset: Few of them also said that even if they learn the tips & techniques, they do not think they have enough skill & time to think like a hacker and plan for application security.

[adsenseyu1]

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking.

Share
Published by
Ajitesh Kumar

Recent Posts

Agentic Reasoning Design Patterns in AI: Examples

In recent years, artificial intelligence (AI) has evolved to include more sophisticated and capable agents,…

2 months ago

LLMs for Adaptive Learning & Personalized Education

Adaptive learning helps in tailoring learning experiences to fit the unique needs of each student.…

3 months ago

Sparse Mixture of Experts (MoE) Models: Examples

With the increasing demand for more powerful machine learning (ML) systems that can handle diverse…

3 months ago

Anxiety Disorder Detection & Machine Learning Techniques

Anxiety is a common mental health condition that affects millions of people around the world.…

3 months ago

Confounder Features & Machine Learning Models: Examples

In machine learning, confounder features or variables can significantly affect the accuracy and validity of…

3 months ago

Credit Card Fraud Detection & Machine Learning

Last updated: 26 Sept, 2024 Credit card fraud detection is a major concern for credit…

3 months ago