Security Innovation Announces a Managed Application Security Testing (MAST) Service to Help Enterprises Mitigate the Risk of Cyber Crime

Security Innovation, an authority in Application Security assessment, standards and training, announces the availability of a hosted application security testing, remediation and reporting platform. For organizations with many applications to secure, MAST provides an optimized process to manage threats by ensuring that the appropriate level of security testing is applied. Built upon a multi-tiered platform, MAST is flexible enough to address the varying needs and characteristics of any organization’s specific application landscape.

Designed for all application types, assessments range from a deep inspection conducted by world-class security engineers, to a combination of manual/automated testing with expert verification of vulnerabilities, to a rapid automated scan with engineering analysis to remove false positives. This approach helps ensure maximum ROI through decreased costs, shortened test cycles and reduced time-to-fix. Additionally, because MAST does not require organizations to have hardware or infrastructure in place to begin application security testing, it can be launched in as little as a day.

A 2013 Ponemon Institute research study titled The Current State of Application Security revealed that only 43% of organizations have a security testing process in place. Additionally, fewer than half of the respondents say their organizations measure application security risk and believe it is well understood, and even fewer use risk metrics to guide application security decision-making.

“Security relies heavily on consistency, and good metrics are critical to achieving that consistency,” said Wendy Nather, Research Director at 451 Research. “This is especially the case with software security. More enterprises are using regular testing and measurement across their application portfolios to get a better handle on their overall risk.”

Regular and iterative assessments ensure that problems are caught before they propagate. Additionally, they enable risk trend analysis, which helps organizations make more informed remediation and security investment decisions. From a cost perspective, MAST ensures a practical approach to help organizations determine the optimal application testing needed, which typically yields a 20% to 30% reduction in cost over individual testing services, according to company data.

“Application assessments should not be a one size fits all solution. Business critical applications require significant time and effort while low risk applications may require a very light touch,” said Edward Adams, CEO of Security Innovation. “Optimization around frequency and depth of testing based upon application criticality and business risk can help improve ROI by enabling investment in the areas where it is needed most and over-spending in low-risk areas.”

About MAST
Designed to fit the budget of organizations of all sizes, MAST helps meet your application security vulnerability management goals by identifying and prioritizing vulnerabilities, and providing detailed remediation guidance in the specific technology or platform being used. For high-risk applications, a threat model is created to identify the most critical threats to the application and to construct customized test plans that target high-risk areas.

Features & Benefits:

  • Multiple Security Testing Options: three tiers of services based on the risk profile and business criticality of the software. Security tests can be conducted monthly, quarterly and ad-hoc.
  • Accurate and expansive vulnerability reporting: expert analysis of findings minimizes false positives and ensures business logic and other vulnerabilities that can’t be found with other approaches are looked for.
  • “Always Up” online portal: to review assessment results, analyze trends, schedule regular and ad-hoc application tests and gain access to expert consultants.
  • Integrates with market-leading training platform: get direct access to TeamProfessor eLearning courses and TeamMentor secure development knowledgebase for ongoing developer training and vulnerability remediation.

About Security Innovation

Security Innovation offers solutions based on the three pillars of the Software Development Lifecycle (SDLC): standards, education and assessment. For over a decade, Security Innovation has helped organizations build internal expertise, uncover critical vulnerabilities and integrate security into their software development lifecycle. The company’s flagship products include TeamMentor secure coding knowledgebase and TeamProfessor, the industry’s largest library of application security eLearning courses that covers all major platforms, technologies and development team roles.


Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
