Black Hat USA 2024 Recap: What We Heard from AppSec Leaders

At Heeler, we had the privilege of connecting with many AppSec leaders at Black Hat USA 2024. It was clear that despite advancements, significant pain points remain.

August 9, 2024

At Heeler, we had the privilege of connecting with many AppSec leaders at Black Hat USA 2024. It was clear that despite advancements, significant pain points remain. Here's what we heard:

🕵️‍♂️ Lack of Context: Understanding the impact of findings on the application, especially in runtime, is still a massive challenge.

🔄 Threat Modeling: App decomposition is hard and time-consuming, making threat modeling a daunting task.

🔍 Seeing the Impact: AppSec Teams Demand More Than Just a Prioritized List of Findings: AppSec teams want to see impact of their work and where the structural problems are, not just a prioritized list of findings.

📉 Tracking Progress: The inability to track progress and understand the current state of AppSec is a common frustration.

🚧 Developer Engagement: Getting developers to meaningfully participate in security efforts is tough, especially when the impact of changes is unclear.

🔊 There Continues to be Too Much Noise: The sheer volume of findings and the challenge of distinguishing what truly matters make prioritization a major headache. AI coding has amplified this challenge.

🛠️ Fixing Is Hard: The complexity of fixing vulnerabilities, especially with the velocity of new code, remains a persistent struggle and is getting worse (again AI coding).

🔍 Observability Gaps: Many leaders highlighted the need for better observability — understanding how things relate to each other is critical but often lacking.

🕸️ API Visibility: Visibility into the app surface, particularly APIs, is still a significant challenge.

These insights reinforce our mission at Heeler—to build a unified context platform that cuts through the noise, providing meaningful insights, and helping security and development teams work together more effectively. We're excited to keep pushing the boundaries of what's possible in application security.

Related resources

See All Resources

September 12, 2024

The Need for Continuous and Agile Threat Modeling

In today’s agile development landscape, where cloud-based software is constantly evolving and deployed at unprecedented speed, traditional, manual threat modeling is no longer enough. As development teams iterate quickly and deploy in real-time, requirements and architecture changes rapidly, creating potential gaps in security that static threat models simply cannot keep up with. This has paved the way for continuous and agile threat modeling—a real-time approach to identifying, assessing, and mitigating risks early in the software lifecycle.

September 10, 2024

Revolutionizing Application Security: The Heeler Story

At Heeler, we’re not just building a product; we’re reshaping the future of application security. In today’s rapidly evolving digital landscape, the traditional approach to security has reached its limits. As applications grow more complex and threats become more sophisticated, the need for a unified security approach that integrates code, runtime, and business context is more critical than ever.

September 3, 2024

The Challenges of Decomposing Cloud-Based Applications (and How to Implement Agile and Continuous Threat Modeling)

In the fast-paced world of software development, the adoption of agile methodologies and continuous delivery practices has revolutionized how applications are built, deployed, and maintained. In an agile environment, where code and cloud are constantly changing and new features are continuously being integrated, threat modeling needs to be just as agile and continuous. The idea is to ensure that security is built into the development process rather than bolted on as an afterthought.

August 27, 2024

Solving Prioritization for Application Security

Security prioritization has become an overwhelming challenge for organizations, as they try to manage an ever-expanding application footprint alongside an increasingly sophisticated threat landscape. In 2024 alone, we've seen a 30% year-over-year increase in reported CVEs through July, according to the Qualys Threat Research Unit. The rise of AI-assisted coding—often trained on the same vulnerable code we're trying to defend against—likely exacerbates this issue even further.

August 21, 2024

Unifying Threat Modeling, Lifecycle Management, and Response Orchestration: How Heeler Redefines Application Security

In today’s complex digital landscape, application security can no longer be handled with a siloed approach. Modern applications require a comprehensive strategy that integrates multiple security disciplines into a seamless process. At Heeler, we understand that to effectively manage and mitigate risks, security needs to be woven into every stage of the software development lifecycle (SDLC). This is why we've built a platform that unifies threat modeling, lifecycle management, and response orchestration into a cohesive system.

August 20, 2024

How Customer Feedback Shapes What We Build at Heeler

At Heeler, we believe that the best products are built in collaboration with those who will use them. From day one, our mission has been to create a transformative application security platform, and we knew that achieving this would require more than just innovative ideas and advanced technology. It would require deep, ongoing engagement with the very people who face the challenges we aim to solve: our customers.

Announcing the Launch of Heeler's Advisory Board

These industry veterans bring diverse perspectives and deep insights into application security, and we're excited to collaborate with them as we continue to innovate and transform the field. Their guidance will be invaluable as we strive to maximize the impact of application security teams and developers with unified code, runtime, business, and security context.

Heeler: Loyalty, Resilience, and a Commitment to Excellence

The name "Heeler" was inspired by the remarkable traits of the Blue Heeler dog, a breed known for its intelligence, loyalty, and tenacity. Two of our co-founders, James Green and Trever McKee, both own Blue Heelers and have long admired these dogs for their unwavering dedication and keen problem-solving abilities.

The AppSec Context Gap - Code, Runtime, and Business

The Heeler team dedicated several months collaborating with research partners from various organizations to identify the most significant gaps in application security. A recurring theme emerged: the absence of context was a major issue, and obtaining this context was costly, often necessitating the involvement of key personnel from both security and development teams. Furthermore, this substantial time investment did not yield lasting value due to the dynamic nature of applications in cloud and agile environments, rendering these context investigations transient and expensive.

Transforming Application Security: Introducing Software Lineage

In application development, keeping track of where software is deployed, which versions are running, and ensuring they're secure pose formidable challenges. A vast majority of teams still depend on manual processes, using spreadsheets and documentation to catalog their Apps and APIs. One recent report outlines that 74% of companies are still using traditional documentation and 68% relying on spreadsheets to catalog their apps and APIs. As deployment velocity increases, driven by AI-assisted coding and a push for greater developer autonomy, the complexity of accurately managing these deployments intensifies.

See All Resources