An application security plugin or add-in for an IDE (e.g. Eclipse, Visual Studio) is a software tool designed to help developers write more secure code: it detects and flags potentially vulnerable code as it is written and offers informative fixes in the development phase, the earliest phase of the SSDLC.
Plugin Examples: Application Security plugin for Integrated Development Environment (ASIDE) for Eclipse, Cigital SecureAssist plugin for Eclipse & Visual Studio.
Features of an IDE plugin:
- Fits into a modern Agile process
- Brings security into the early stages of development
- Helps organizations deliver more secure software faster
- Allows developers to write customized rules
- Is lightweight, so system resources are not over-utilized
- Provides usage statistics and reports
- Rules are updated as new vulnerabilities surface
- Fast scans and helpful guidance
- Does not require additional workflow steps
- Lives in the IDE where developers work
- Considerable reduction in the vulnerability count found in the testing phase, since issues are flagged and remediated in the development phase itself, as shown in Fig-1
- Considerable decrease in remediation effort and cost
- Simplifies the overall security effort for the team
- Developers can jump to the flagged issue immediately and see an explanation of how to fix it
- Reinforces secure coding practices
- Guidance is specific to the language and framework used
- Rules and their guidance can be customized to the company's own frameworks and policies
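The detection loop these features describe (a rule set matched against the code as the developer edits it, a marker that jumps to the offending line with fix guidance, and company-specific rules added alongside the built-in ones) boiled down to a runnable script. This is an added example, not code from ASIDE, SecureAssist or the original page; the Java snippet it scans, the rule identifiers and the ACME-001 "company" rule are constructed for illustration, as is the LegacyCipher API it flags.

```python
"""Rule-based source scanner of the kind an IDE security plugin runs on each
save. Added illustration only; this is not code from ASIDE or SecureAssist.
The Java snippet and the ACME-001 company rule below are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    rule_id: str
    pattern: re.Pattern        # matched against one source line at a time
    message: str               # what is wrong
    fix: str                   # guidance the developer sees next to the marker


@dataclass(frozen=True)
class Finding:
    rule_id: str
    line: int                  # 1-based so the IDE can jump straight to it
    snippet: str
    message: str
    fix: str


# Built-in rules: language/framework-specific patterns (Java/JDBC here).
BUILTIN_RULES: List[Rule] = [
    Rule("SQLI-001",
         re.compile(r'"\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+', re.IGNORECASE),
         "SQL statement built by string concatenation (SQL injection)",
         "Use PreparedStatement with ? placeholders and bind the value"),
    Rule("CRYPTO-001",
         re.compile(r'MessageDigest\.getInstance\(\s*"(?:MD5|SHA-?1)"'),
         "Weak hash algorithm",
         "Use SHA-256 or stronger; for passwords use a slow KDF such as bcrypt/PBKDF2"),
]

# Hypothetical company-specific rule, the kind an organization adds itself
# to flag its own deprecated framework APIs (LegacyCipher is assumed, not real).
ACME_RULES: List[Rule] = [
    Rule("ACME-001",
         re.compile(r'\bLegacyCipher\.encrypt\('),
         "Deprecated in-house crypto wrapper",
         "Use the approved AEAD helper from the company crypto library"),
]


def scan(source: str, rules: Optional[List[Rule]] = None) -> List[Finding]:
    """Return findings in source order, one per (line, rule) hit."""
    active = BUILTIN_RULES if rules is None else rules
    findings: List[Finding] = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for rule in active:
            if rule.pattern.search(text):
                findings.append(Finding(rule.rule_id, lineno, text.strip(),
                                        rule.message, rule.fix))
    return findings


def render(path: str, findings: List[Finding]) -> List[str]:
    """Format findings as IDE problem-view entries (file:line, rule, fix)."""
    return [f"{path}:{f.line}: [{f.rule_id}] {f.message}\n    fix: {f.fix}"
            for f in findings]


# Constructed sample the developer is editing; lines 4, 9 and 12 are the hits.
SAMPLE_JAVA = """\
import java.sql.*;
public class UserDao {
  public ResultSet find(Connection conn, String name) throws SQLException {
    String sql = "SELECT * FROM users WHERE name = '" + name + "'";
    Statement st = conn.createStatement();
    return st.executeQuery(sql);
  }
  public byte[] hash(byte[] data) throws Exception {
    return java.security.MessageDigest.getInstance("MD5").digest(data);
  }
  public byte[] protect(byte[] data) {
    return LegacyCipher.encrypt(data);
  }
}
"""

# The same query after applying the SQLI-001 guidance; no rule fires on it.
FIXED_JAVA = """\
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
ps.setString(1, name);
"""

if __name__ == "__main__":
    for entry in render("UserDao.java", scan(SAMPLE_JAVA, BUILTIN_RULES + ACME_RULES)):
        print(entry)
```

Running the script reports the concatenated SQL on line 4, the MD5 digest on line 9 and, once the company rule set is included, the deprecated wrapper on line 12; the PreparedStatement version produces no findings. Single-line pattern rules are what keep a plugin fast enough to run on every save, but they see no data flow: line 6 (`executeQuery(sql)`) is only caught because the concatenation on line 4 is, and a query assembled across methods would be missed. That is why a plugin of this kind complements, rather than replaces, the fuller static analysis run later in the SSDLC.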
Authored by Harihar Prusty