Welcome!

News Feed Item

Security Innovation Announces a Managed Application Security Testing (MAST) Service to Help Enterprises Mitigate the Risk of Cyber Crime

Security Innovation, an authority in Application Security assessment, standards and training, announces the availability of a hosted application security testing, remediation and reporting platform. For organizations with many applications to secure, MAST provides an optimized process to manage threats by ensuring that the appropriate level of security testing is applied. Built upon a multi-tiered platform, MAST is flexible enough to address the varying needs and characteristics of any organization’s specific application landscape.

Designed for all application types, assessments range from a deep inspection conducted by world-class security engineers, to a combination of manual/automated testing with expert verification of vulnerabilities, to a rapid automated scan with engineering analysis to remove false positives. This approach helps ensure maximum ROI through decreased costs, shortened test cycles and reduced time-to-fix. Additionally, because MAST does not require organizations to have hardware or infrastructure in place to begin application security testing, it can be launched in as little as a day.

A 2013 Ponemon Institute research study titled The Current State of Application Security revealed that only 43% of organizations have a security testing process in place. Additionally, less than half the respondents say their organizations measure application security risk and believe it is well understood and even fewer use risk metrics to guide application security decision-making.

“Security relies heavily on consistency, and good metrics are critical to achieving that consistency,” said Wendy Nather, Research Director at 451 Research. “This is especially the case with software security. More enterprises are using regular testing and measurement across their application portfolios to get a better handle on their overall risk."

Regular and iterative assessments ensure that problems are caught before they propagate. Additionally, they enable risk trend analysis, which helps organizations make more informed remediation and security investment decisions. From a cost perspective, MAST ensures a practical approach to help organizations determine the optimal application testing needed, which typically yield a 20% to 30% reduction in cost over individual testing services, according to company data.

“Application assessments should not be a one size fits all solution. Business critical applications require significant time and effort while low risk applications may require a very light touch,” said Edward Adams, CEO of Security Innovation. “Optimization around frequency and depth of testing based upon application criticality and business risk can help improve ROI by enabling investment in the areas where it is needed most and over-spending in low-risk areas.”

About MAST
Designed to fit the budget of all sized organizations, MAST helps meet your application security vulnerability management goals by identifying and prioritizing vulnerabilities, and providing detailed remediation guidance in the specific technology or platform being used. For high-risk applications, a threat model is created to identify the most critical threats to the application and to construct customized test plans that target high-risk areas.

Features & Benefits:

  • Multiple Security Testing Options: three tiers of services based on the risk profile and business criticality of the software. Security tests can be conducted monthly, quarterly and ad-hoc.
  • Accurate and expansive vulnerability reporting: expert analysis of findings minimizes false positives and ensures business logic and other vulnerabilities that can’t be found with other approaches are looked for.
  • “Always Up” online portal: to review assessment results, analyze trends, schedule regular and ad-hoc application tests and gain access to expert consultants.
  • Integrates with market-leading training platform: get direct access to TeamProfessor eLearning courses and TeamMentor secure development knowledgebase for ongoing developer training and vulnerability remediation

About Security Innovation

Security Innovation offers solutions based on the three pillars of the Software Development Lifecycle (SDLC): standardseducation and assessment. For over a decade, Security Innovation has helped organizations build internal expertise, uncover critical vulnerabilities and integrate security into their software development lifecycle. (SDLC). The company’s flagship products include TeamMentor secure coding knowledgebase and TeamProfessor, the industry’s largest library of application security eLearning courses that covers all major platforms, technologies and development team roles.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Redis is not only the fastest database, but it has become the most popular among the new wave of applications running in containers. Redis speeds up just about every data interaction between your users or operational systems. In his session at 18th Cloud Expo, Dave Nielsen, Developer Relations at Redis Labs, will shares the functions and data structures used to solve everyday use cases that are driving Redis' popularity.
We’ve worked with dozens of early adopters across numerous industries and will debunk common misperceptions, which starts with understanding that many of the connected products we’ll use over the next 5 years are already products, they’re just not yet connected. With an IoT product, time-in-market provides much more essential feedback than ever before. Innovation comes from what you do with the data that the connected product provides in order to enhance the customer experience and optimize busi...
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, will discuss how leveraging the Industrial Interne...
In his session at 18th Cloud Expo, Sagi Brody, Chief Technology Officer at Webair Internet Development Inc., will focus on real world deployments of DDoS mitigation strategies in every layer of the network. He will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. He will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically c...
The increasing popularity of the Internet of Things necessitates that our physical and cognitive relationship with wearable technology will change rapidly in the near future. This advent means logging has become a thing of the past. Before, it was on us to track our own data, but now that data is automatically available. What does this mean for mHealth and the "connected" body? In her session at @ThingsExpo, Lisa Calkins, CEO and co-founder of Amadeus Consulting, will discuss the impact of wea...
Increasing IoT connectivity is forcing enterprises to find elegant solutions to organize and visualize all incoming data from these connected devices with re-configurable dashboard widgets to effectively allow rapid decision-making for everything from immediate actions in tactical situations to strategic analysis and reporting. In his session at 18th Cloud Expo, Shikhir Singh, Senior Developer Relations Manager at Sencha, will discuss how to create HTML5 dashboards that interact with IoT devic...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
Artificial Intelligence has the potential to massively disrupt IoT. In his session at 18th Cloud Expo, AJ Abdallat, CEO of Beyond AI, will discuss what the five main drivers are in Artificial Intelligence that could shape the future of the Internet of Things. AJ Abdallat is CEO of Beyond AI. He has over 20 years of management experience in the fields of artificial intelligence, sensors, instruments, devices and software for telecommunications, life sciences, environmental monitoring, process...
The IoTs will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm and share the must-have mindsets for removing complexity from the development proc...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Many private cloud projects were built to deliver self-service access to development and test resources. While those clouds delivered faster access to resources, they lacked visibility, control and security needed for production deployments. In their session at 18th Cloud Expo, Steve Anderson, Product Manager at BMC Software, and Rick Lefort, Principal Technical Marketing Consultant at BMC Software, will discuss how a cloud designed for production operations not only helps accelerate developer...
A critical component of any IoT project is the back-end systems that capture data from remote IoT devices and structure it in a way to answer useful questions. Traditional data warehouse and analytical systems are mature technologies that can be used to handle large data sets, but they are not well suited to many IoT-scale products and the need for real-time insights. At Fuze, we have developed a backend platform as part of our mobility-oriented cloud service that uses Big Data-based approache...
Peak 10, Inc., has announced the implementation of IT service management, a business process alignment initiative based on the widely adopted Information Technology Infrastructure Library (ITIL) framework. The implementation of IT service management enhances Peak 10’s current service-minded approach to IT delivery by propelling the company to deliver higher levels of personalized and prompt service. The majority of Peak 10’s operations employees have been trained and certified in the ITIL frame...
trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vice president of product management, IoT solutions at GlobalSign, will teach IoT developers how t...
As the rapid adoption of containers continues, companies are finding that they lack the operational tools to understand the behavior of applications deployed in these containers, and how to identify issues in their application infrastructure. For example, how are multiple containers within an application impacting each other’s performance? If an application’s service is degraded, which container is to blame? In the case of an application outage, what was the root cause of the outage?