Welcome!

News Feed Item

Security Innovation Announces a Managed Application Security Testing (MAST) Service to Help Enterprises Mitigate the Risk of Cyber Crime

Security Innovation, an authority in Application Security assessment, standards and training, announces the availability of a hosted application security testing, remediation and reporting platform. For organizations with many applications to secure, MAST provides an optimized process to manage threats by ensuring that the appropriate level of security testing is applied. Built upon a multi-tiered platform, MAST is flexible enough to address the varying needs and characteristics of any organization’s specific application landscape.

Designed for all application types, assessments range from a deep inspection conducted by world-class security engineers, to a combination of manual/automated testing with expert verification of vulnerabilities, to a rapid automated scan with engineering analysis to remove false positives. This approach helps ensure maximum ROI through decreased costs, shortened test cycles and reduced time-to-fix. Additionally, because MAST does not require organizations to have hardware or infrastructure in place to begin application security testing, it can be launched in as little as a day.

A 2013 Ponemon Institute research study titled The Current State of Application Security revealed that only 43% of organizations have a security testing process in place. Additionally, less than half the respondents say their organizations measure application security risk and believe it is well understood and even fewer use risk metrics to guide application security decision-making.

“Security relies heavily on consistency, and good metrics are critical to achieving that consistency,” said Wendy Nather, Research Director at 451 Research. “This is especially the case with software security. More enterprises are using regular testing and measurement across their application portfolios to get a better handle on their overall risk."

Regular and iterative assessments ensure that problems are caught before they propagate. Additionally, they enable risk trend analysis, which helps organizations make more informed remediation and security investment decisions. From a cost perspective, MAST ensures a practical approach to help organizations determine the optimal application testing needed, which typically yield a 20% to 30% reduction in cost over individual testing services, according to company data.

“Application assessments should not be a one size fits all solution. Business critical applications require significant time and effort while low risk applications may require a very light touch,” said Edward Adams, CEO of Security Innovation. “Optimization around frequency and depth of testing based upon application criticality and business risk can help improve ROI by enabling investment in the areas where it is needed most and over-spending in low-risk areas.”

About MAST
Designed to fit the budget of all sized organizations, MAST helps meet your application security vulnerability management goals by identifying and prioritizing vulnerabilities, and providing detailed remediation guidance in the specific technology or platform being used. For high-risk applications, a threat model is created to identify the most critical threats to the application and to construct customized test plans that target high-risk areas.

Features & Benefits:

  • Multiple Security Testing Options: three tiers of services based on the risk profile and business criticality of the software. Security tests can be conducted monthly, quarterly and ad-hoc.
  • Accurate and expansive vulnerability reporting: expert analysis of findings minimizes false positives and ensures business logic and other vulnerabilities that can’t be found with other approaches are looked for.
  • “Always Up” online portal: to review assessment results, analyze trends, schedule regular and ad-hoc application tests and gain access to expert consultants.
  • Integrates with market-leading training platform: get direct access to TeamProfessor eLearning courses and TeamMentor secure development knowledgebase for ongoing developer training and vulnerability remediation

About Security Innovation

Security Innovation offers solutions based on the three pillars of the Software Development Lifecycle (SDLC): standardseducation and assessment. For over a decade, Security Innovation has helped organizations build internal expertise, uncover critical vulnerabilities and integrate security into their software development lifecycle. (SDLC). The company’s flagship products include TeamMentor secure coding knowledgebase and TeamProfessor, the industry’s largest library of application security eLearning courses that covers all major platforms, technologies and development team roles.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
Deep learning has been very successful in social sciences and specially areas where there is a lot of data. Trading is another field that can be viewed as social science with a lot of data. With the advent of Deep Learning and Big Data technologies for efficient computation, we are finally able to use the same methods in investment management as we would in face recognition or in making chat-bots. In his session at 20th Cloud Expo, Gaurav Chakravorty, co-founder and Head of Strategy Development ...
"Peak 10 is a national cloud data center solutions managed services provider, and part of that is disaster recovery. We see a growing trend in the industry where companies are coming to us looking for assistance in their DR strategy," stated Andrew Cole, Director of Solutions Engineering at Peak 10, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership abi...
The essence of cloud computing is that all consumable IT resources are delivered as services. In his session at 15th Cloud Expo, Yung Chou, Technology Evangelist at Microsoft, demonstrated the concepts and implementations of two important cloud computing deliveries: Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). He discussed from business and technical viewpoints what exactly they are, why we care, how they are different and in what ways, and the strategies for IT to transi...
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Niagara Networks exhibited at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you ...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).