Black Hat USA 2024 Recap: What We Heard from AppSec Leaders
At Heeler, we had the privilege of connecting with many AppSec leaders at Black Hat USA 2024. It was clear that despite advancements, significant pain points remain. Here's what we heard:
🕵️‍♂️ Lack of Context: Understanding the impact of findings on the application, especially at runtime, is still a massive challenge.
🔄 Threat Modeling: App decomposition is hard and time-consuming, making threat modeling a daunting task.
🔍 Seeing the Impact: AppSec teams demand more than just a prioritized list of findings. They want to see the impact of their work and where the structural problems are.
📉 Tracking Progress: The inability to track progress and understand the current state of AppSec is a common frustration.
🚧 Developer Engagement: Getting developers to meaningfully participate in security efforts is tough, especially when the impact of changes is unclear.
🔊 There Continues to be Too Much Noise: The sheer volume of findings and the challenge of distinguishing what truly matters make prioritization a major headache. AI coding has amplified this challenge.
🛠️ Fixing Is Hard: The complexity of fixing vulnerabilities, especially at the velocity of new code, remains a persistent struggle and is getting worse (again, driven by AI coding).
🔍 Observability Gaps: Many leaders highlighted the need for better observability — understanding how things relate to each other is critical but often lacking.
🕸️ API Visibility: Visibility into the app surface, particularly APIs, is still a significant challenge.
These insights reinforce our mission at Heeler—to build a unified context platform that cuts through the noise, provides meaningful insights, and helps security and development teams work together more effectively. We're excited to keep pushing the boundaries of what's possible in application security.