GSA Seeks Info on Automated and Expert Tools to Analyze Application Security
The agency requested details on the tools available to address weaknesses in the applications and testing process, in an effort to boost security measures.
The General Services Administration is inquiring about the government’s application security testing—the process of making applications more resistant to threats—to detect weaknesses that could be used by adversaries.
In a request for information, GSA asked for details on the availability of application security testing capabilities, such as manual expert analysis and automated tools to help identify and address flaws in federal applications.
According to the agency, a goal is “to build understanding of the complexity and diversity of this marketplace, ensuring federal agencies can make the greatest use of the services, technologies and toolsets available.”
GSA stated that the government needs to use “sophisticated tools that can statically and dynamically analyze applications for detectable weaknesses,” but efforts must go beyond automated tools. Specifically, the government must have cybersecurity experts analyze government applications for weaknesses and how these could be used by attackers.
In the request, the agency asked respondents several technical questions about their application security testing offerings, methods, components and process, among other things.
GSA’s request comes as agencies are working to strengthen their application security, such as through multi-factor authentication, implementing zero trust architecture and other measures, in compliance with President Joe Biden’s May 2021 executive order. Previous reports have highlighted vulnerabilities in commercial-off-the-shelf products, adding another layer of consideration.
Responses are due Sept. 30.