Welcome!

News Feed Item

Security Innovation Announces a Managed Application Security Testing (MAST) Service to Help Enterprises Mitigate the Risk of Cyber Crime

Security Innovation, an authority in Application Security assessment, standards and training, announces the availability of a hosted application security testing, remediation and reporting platform. For organizations with many applications to secure, MAST provides an optimized process to manage threats by ensuring that the appropriate level of security testing is applied. Built upon a multi-tiered platform, MAST is flexible enough to address the varying needs and characteristics of any organization’s specific application landscape.

Designed for all application types, assessments range from a deep inspection conducted by world-class security engineers, to a combination of manual/automated testing with expert verification of vulnerabilities, to a rapid automated scan with engineering analysis to remove false positives. This approach helps ensure maximum ROI through decreased costs, shortened test cycles and reduced time-to-fix. Additionally, because MAST does not require organizations to have hardware or infrastructure in place to begin application security testing, it can be launched in as little as a day.

A 2013 Ponemon Institute research study titled The Current State of Application Security revealed that only 43% of organizations have a security testing process in place. Additionally, less than half the respondents say their organizations measure application security risk and believe it is well understood and even fewer use risk metrics to guide application security decision-making.

“Security relies heavily on consistency, and good metrics are critical to achieving that consistency,” said Wendy Nather, Research Director at 451 Research. “This is especially the case with software security. More enterprises are using regular testing and measurement across their application portfolios to get a better handle on their overall risk."

Regular and iterative assessments ensure that problems are caught before they propagate. Additionally, they enable risk trend analysis, which helps organizations make more informed remediation and security investment decisions. From a cost perspective, MAST ensures a practical approach to help organizations determine the optimal application testing needed, which typically yield a 20% to 30% reduction in cost over individual testing services, according to company data.

“Application assessments should not be a one size fits all solution. Business critical applications require significant time and effort while low risk applications may require a very light touch,” said Edward Adams, CEO of Security Innovation. “Optimization around frequency and depth of testing based upon application criticality and business risk can help improve ROI by enabling investment in the areas where it is needed most and over-spending in low-risk areas.”

About MAST
Designed to fit the budget of all sized organizations, MAST helps meet your application security vulnerability management goals by identifying and prioritizing vulnerabilities, and providing detailed remediation guidance in the specific technology or platform being used. For high-risk applications, a threat model is created to identify the most critical threats to the application and to construct customized test plans that target high-risk areas.

Features & Benefits:

  • Multiple Security Testing Options: three tiers of services based on the risk profile and business criticality of the software. Security tests can be conducted monthly, quarterly and ad-hoc.
  • Accurate and expansive vulnerability reporting: expert analysis of findings minimizes false positives and ensures business logic and other vulnerabilities that can’t be found with other approaches are looked for.
  • “Always Up” online portal: to review assessment results, analyze trends, schedule regular and ad-hoc application tests and gain access to expert consultants.
  • Integrates with market-leading training platform: get direct access to TeamProfessor eLearning courses and TeamMentor secure development knowledgebase for ongoing developer training and vulnerability remediation

About Security Innovation

Security Innovation offers solutions based on the three pillars of the Software Development Lifecycle (SDLC): standardseducation and assessment. For over a decade, Security Innovation has helped organizations build internal expertise, uncover critical vulnerabilities and integrate security into their software development lifecycle. (SDLC). The company’s flagship products include TeamMentor secure coding knowledgebase and TeamProfessor, the industry’s largest library of application security eLearning courses that covers all major platforms, technologies and development team roles.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that FalconStor Software® Inc., a 15-year innovator of software-defined storage solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. FalconStor Software®, Inc. (NASDAQ: FALC) is a leading software-defined storage company offering a converged, hardware-agnostic, software-defined storage and data services platform. Its flagship solution FreeStor®, utilizes a horizonta...
WebSocket is effectively a persistent and fat pipe that is compatible with a standard web infrastructure; a "TCP for the Web." If you think of WebSocket in this light, there are other more hugely interesting applications of WebSocket than just simply sending data to a browser. In his session at 18th Cloud Expo, Frank Greco, Director of Technology for Kaazing Corporation, will compare other modern web connectivity methods such as HTTP/2, HTTP Streaming, Server-Sent Events and new W3C event APIs ...
At first adopted by enterprises to consolidate physical servers, virtualization is now widely used in cloud computing to offer elasticity and scalability. On the other hand, Docker has developed a new way to handle Linux containers, inspired by version control software such as Git, which allows you to keep all development versions. In his session at 17th Cloud Expo, Dominique Rodrigues, the co-founder and CTO of Nanocloud Software, discussed how in order to also handle QEMU / KVM virtual machin...
Silver Spring Networks, Inc. (NYSE: SSNI) extended its Internet of Things technology platform with performance enhancements to Gen5 – its fifth generation critical infrastructure networking platform. Already delivering nearly 23 million devices on five continents as one of the leading networking providers in the market, Silver Spring announced it is doubling the maximum speed of its Gen5 network to up to 2.4 Mbps, increasing computational performance by 10x, supporting simultaneous mesh communic...
Sensors and effectors of IoT are solving problems in new ways, but small businesses have been slow to join the quantified world. They’ll need information from IoT using applications as varied as the businesses themselves. In his session at @ThingsExpo, Roger Meike, Distinguished Engineer, Director of Technology Innovation at Intuit, showed how IoT manufacturers can use open standards, public APIs and custom apps to enable the Quantified Small Business. He used a Raspberry Pi to connect sensors...
Father business cycles and digital consumers are forcing enterprises to respond faster to customer needs and competitive demands. Successful integration of DevOps and Agile development will be key for business success in today’s digital economy. In his session at DevOps Summit, Pradeep Prabhu, Co-Founder & CEO of Cloudmunch, covered the critical practices that enterprises should consider to seamlessly integrate Agile and DevOps processes, barriers to implementing this in the enterprise, and pr...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
Eighty percent of a data scientist’s time is spent gathering and cleaning up data, and 80% of all data is unstructured and almost never analyzed. Cognitive computing, in combination with Big Data, is changing the equation by creating data reservoirs and using natural language processing to enable analysis of unstructured data sources. This is impacting every aspect of the analytics profession from how data is mined (and by whom) to how it is delivered. This is not some futuristic vision: it's ha...
The principles behind DevOps are not new - for decades people have been automating system administration and decreasing the time to deploy apps and perform other management tasks. However, only recently did we see the tools and the will necessary to share the benefits and power of automation with a wider circle of people. In his session at DevOps Summit, Bernard Sanders, Chief Technology Officer at CloudBolt Software, explored the latest tools including Puppet, Chef, Docker, and CMPs needed to...
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
Let’s face it, embracing new storage technologies, capabilities and upgrading to new hardware often adds complexity and increases costs. In his session at 18th Cloud Expo, Seth Oxenhorn, Vice President of Business Development & Alliances at FalconStor, will discuss how a truly heterogeneous software-defined storage approach can add value to legacy platforms and heterogeneous environments. The result reduces complexity, significantly lowers cost, and provides IT organizations with improved effi...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection.
Data-as-a-Service is the complete package for the transformation of raw data into meaningful data assets and the delivery of those data assets. In her session at 18th Cloud Expo, Lakshmi Randall, an industry expert, analyst and strategist, will address: What is DaaS (Data-as-a-Service)? Challenges addressed by DaaS Vendors that are enabling DaaS Architecture options for DaaS
One of the bewildering things about DevOps is integrating the massive toolchain including the dozens of new tools that seem to crop up every year. Part of DevOps is Continuous Delivery and having a complex toolchain can add additional integration and setup to your developer environment. In his session at @DevOpsSummit at 18th Cloud Expo, Miko Matsumura, Chief Marketing Officer of Gradle Inc., will discuss which tools to use in a developer stack, how to provision the toolchain to minimize onboa...