In today’s hyper-connected digital ecosystem, applications are the engines of business innovation. But as they become more complex—built on microservices, powered by APIs, and delivered at DevOps speed—the security risks grow exponentially. From zero-day exploits to sophisticated supply chain attacks, the need to safeguard the application layer has never been more urgent. At the center of this battle for digital resilience is a new generation of application security (AppSec) leaders who are fundamentally rethinking how to secure the software development lifecycle (SDLC) without slowing innovation.
Subho Halder, CEO of Appknox, speaks candidly about the magnitude of change sweeping through the industry. “The way software is built has changed dramatically, and security needs to evolve with it,” he says. “Our focus is on aligning security with modern development practices by embedding it early in the lifecycle—not layering it on afterwards.”
For Halder, the transition to distributed architectures and the explosion in API use demand not just stronger defences but smarter visibility. He stresses the importance of making security a seamless part of the developer workflow. “At Appknox, we’ve invested in making security feel like a natural extension of development, not a separate gate,” he adds.
This integration is particularly critical in environments where speed is paramount. Development teams are under constant pressure to ship faster and innovate continuously. The tension between velocity and vigilance can be intense. But Halder believes the two aren’t mutually exclusive. “Security and speed can coexist—it’s about smart integration,” he says. “We ensure that security becomes a built-in quality gate, not a bottleneck.” His approach focuses on early issue detection and providing developers with actionable insights that reduce manual overhead.
Halder isn’t alone in seeing the future of AppSec as deeply embedded and collaborative. Roy Verboeket, Vice President of Sales Engineering EMEA at Extreme Networks, sees a clear need to integrate security into every stage of development and networking. “Security must be built-in, not bolted on,” Verboeket asserts. “We embed threat modelling early in the SDLC and automate checks within CI/CD pipelines.” By tightly coupling secure coding practices with automated DevOps processes, Extreme helps organisations maintain agility while enhancing their threat posture.
Verboeket believes that harmonising AI, networking, and security technologies has created an environment where developers can move fast without compromising trust. “We’ve enabled continuous validation within the CI/CD cycle, so security isn’t an afterthought—it’s a part of every step,” he explains.
Ilyas Mohammed, COO of AmiViz, a cybersecurity marketplace in the Middle East, echoes this sentiment. He sees the region’s growing appetite for AppSec solutions that align with the pace of DevOps. “Our strategy embeds security across the SDLC, from code to deployment,” he notes. “We enable shift-left practices and secure APIs and microservices so applications are resilient and compliant throughout development.”
For Mohammed, automation is the linchpin. By integrating lightweight AppSec tools directly into CI/CD pipelines, AmiViz helps organisations reduce remediation time while preserving development velocity. “It’s about empowering developers without overwhelming them,” he adds.
Mohammed also points out the escalating threat landscape. With zero-day vulnerabilities and supply chain attacks on the rise, proactive security strategies have become essential. “We prioritise continuous monitoring of third-party components and leverage real-time threat intelligence,” he says. AmiViz collaborates with global cybersecurity innovators to detect anomalies and mitigate emerging risks before they impact production environments.
Fortinet’s approach is similarly comprehensive. Tony Zabaneh, Director of Systems Engineering for the South Middle East, explains that Fortinet’s tools are designed to integrate deeply into the DevOps workflow. “FortiDevSec enables automated SAST, DAST, SCA, and API scanning early in the build process,” he explains. These solutions help identify vulnerabilities before applications go live. Meanwhile, FortiCNAPP provides continuous security coverage across cloud-native infrastructure, offering visibility into microservices and containerised workloads.
Zabaneh highlights how Fortinet’s cloud-native WAAP, FortiAppSec, combines runtime protection with ML-powered threat detection to fend off OWASP Top 10 threats and bot attacks. “Our approach ensures developers can ship fast without compromising on protection or compliance,” he adds.
F5’s RVP for the Middle East, Türkiye, and Africa, Mohammed Abukhater, paints a vivid picture of the modern application landscape. “It’s a ball of fire,” he says, referring to the complexity introduced by hybrid, multicloud infrastructures, API sprawl, and AI-driven workloads. “As AI forces the development of more apps and APIs, the fire only grows. Taming it requires coordinated application delivery and security.” F5 addresses this challenge through its Application Delivery and Security Platform (ADSP), which consolidates best-in-class security and delivery functions into a unified system. “It simplifies operations while ensuring resiliency and protection,” Abukhater says.
F5’s strength lies in its ability to deliver centralised visibility and policy enforcement across environments—whether on-premises, in public clouds, or at the edge. In tackling supply chain threats and zero-day vulnerabilities, F5 employs a defence-in-depth strategy. “We secure every layer—from client-side protection and access control to application firewalls and LLM workload protection,” Abukhater explains. Their proactive defence includes adaptive protection mechanisms that operate without relying solely on known threat signatures, a vital capability in today’s fast-evolving threat landscape.
Laurence Elbana, Director of Sales MEA at CyberArk, shifts the conversation toward identity as the foundation of modern AppSec. In a world where applications are increasingly modular and interconnected, identity plays a critical role in securing communication between services. “Our solutions ensure that only authenticated and authorised users can interact across APIs and microservices,” Elbana says. In DevOps environments, CyberArk focuses on protecting automated pipelines by securing secrets, enforcing access controls, and managing privileged identities.
Elbana stresses that embedding security into development doesn’t have to mean slowing things down. “Automating code scanning and compliance checks enables secure delivery without compromising speed,” he explains. Collaboration between security and engineering teams also plays a central role. By modelling threats early and embedding controls within development workflows, organisations can accelerate innovation while staying protected.
When it comes to staying ahead of unknown threats, CyberArk champions a zero-trust architecture. “We enforce least-privilege access and continuous authentication across systems,” Elbana says. Leveraging AI-driven threat detection and real-time monitoring, the company focuses on identity as both a risk vector and a security control.
Across all these perspectives, a common theme emerges: application security is no longer a siloed function. It’s a cross-functional, deeply integrated discipline that spans the entire software lifecycle. The leaders shaping AppSec today are embedding security into the DNA of development, operations, and user experience.
What’s clear is that securing the digital core of an enterprise requires more than reactive defences. It demands proactive design, continuous learning, and a culture where security is seen as an enabler of progress, not a barrier. Whether through intelligent automation, zero-trust frameworks, or behavioural analytics, the future of AppSec lies in its ability to adapt as fast as the threats evolve.
In this landscape, success isn’t measured solely by how well an application performs, but by how resilient, secure, and trustworthy it remains over time. As applications continue to grow in complexity and criticality, securing them at every stage of development has become not just a technical challenge, but a business imperative.