Of the top 50 U.S. undergraduate computer science programs, zero required an application security or secure coding course. Only nine out of 50 even offer one or more electives in application security or secure coding, according to the IT research firm Forrester (https://www.forrester.com/).
That’s a problem, frankly: Companies that suffered an external breach in the previous 12 months of 2022 reported that two of the top attack methods were taking advantage of vulnerable software and direct web application attacks, according to the Forrester Analytics Business Technographics Security Survey, 2021 (https://www.forrester.com/Forrester+Analytics+Business+Technographics+Security+Survey+2021/-/E-SUS6651).
Developers shouldn’t rely only on runtime protection tools, such as web application firewalls, API protection and runtime application self-protection (RASP).
Just as with custom code, generated code should be subject to security testing tools, Forrester noted.