Checking in on the State of Appsec in 2025
Last year's Application Security Weekly (ASW) episode #337 left us pondering the ever-evolving landscape of application security. As we dive into 2025, it's essential to assess where appsec stands today and how emerging technologies are shaping its future.
The Legacy of Ancient Vulnerabilities
A fundamental truth about appsec remains unchanged: ancient vulnerabilities like SQL injection and Cross-Site Scripting (XSS) still plague organizations. Although their prevalence seems to be decreasing, it's crucial to acknowledge that these flaws can still cause significant damage.
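To make the point concrete, here is an added example (not code from the episode or from Security Weekly) that shows why these two flaws persist: each comes from splicing untrusted input into a structured language, and each is fixed by keeping data separate from that structure. The user table, the probe string and the comment text are constructed for the demonstration; the vulnerable functions are written that way deliberately, beside their hardened forms.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for an application's data store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # Anti-pattern: untrusted input is pasted into the SQL text, so a quote
    # character in the input changes the statement's structure.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # Parameterised query: the driver passes the value separately from the SQL,
    # so whatever the input contains, it is only ever compared as a value.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_comment_vulnerable(comment):
    # Anti-pattern: untrusted text placed into HTML without output encoding,
    # so markup in the comment becomes part of the page.
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    # Context-aware output encoding for an HTML text node (quote=True also
    # encodes ' and " so the same helper is safe inside attribute values).
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def demo():
    """Run both flaws against a classic test input and report what each variant does."""
    conn = make_db()
    # Constructed probe: a tautology that a scanner or a tester would send to
    # check whether the lookup is injectable. It matches no real username.
    probe = "' OR '1'='1"
    # Constructed comment carrying markup that must never be rendered as code.
    comment = "<script>alert(1)</script>"
    return {
        "sqli_vulnerable_rows": len(find_user_vulnerable(conn, probe)),  # every user leaks
        "sqli_safe_rows": len(find_user_safe(conn, probe)),              # no such user
        "xss_vulnerable_html": render_comment_vulnerable(comment),
        "xss_safe_html": render_comment_safe(comment),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The SQL half returns both stored rows for the probe when the statement is built by string formatting and none when it is parameterised; the HTML half shows the `<script>` element surviving intact in the unencoded output and arriving as inert `&lt;script&gt;` text in the encoded one. Neither fix depends on detecting "bad" input, which is why parameterisation and output encoding remain the baseline controls rather than input filtering.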
The Rise of Large Language Models (LLMs) in Appsec
Another development has emerged: the increasing use of Large Language Models (LLMs) alongside human developers. This raises a critical question: do LLMs require security awareness training to prevent potential exploits? We'll explore this topic in more depth later.
Where Organizations Are Investing in Appsec
According to recent reports, organizations are investing heavily in appsec practices such as vulnerability management and penetration testing. This shift towards proactive defense is a positive trend that should be encouraged.
Collaborations Between Appsec Teams and Other Departments
Appsec teams are also partnering with other departments to enhance security posture. For instance, DevOps teams are collaborating closely with appsec specialists to ensure seamless integration of security checks into the development process. This cross-functional approach is essential for effective appsec.
Expanding Attack Surface: The Rise of LLM-Generated Code
The emergence of LLM-generated code introduces a new attack surface, albeit one that's not drastically different from existing vulnerabilities. As these AI-powered tools become more prevalent, it's essential to adapt our appsec strategies to address the potential risks.
Conclusion and Next Steps
In conclusion, while ancient vulnerabilities like SQL injection and XSS continue to pose a threat, the rise of LLMs is opening a new attack surface. As we move forward in 2025, it's crucial for organizations to invest in proactive appsec practices, collaborate with other departments, and consider security awareness training for AI-powered tools. By doing so, we can ensure a more secure digital landscape.
Thanks for joining us on this journey through the world of application security! Don't miss our previous episodes at https://www.securityweekly.com/asw.
Resources:
Learn more about the evolving landscape of appsec from Forrester.