By Security Innovation, an authority in Application Security assessment, standards and training, announces the availability of a hosted application security testing, remediation and reporting platform. For organizations with many applications to secure, MAST provides an optimized process to manage threats by ensuring that the appropriate level of security testing is applied. Built upon a multi-tiered platform, MAST is flexible enough to address the varying needs and characteristics of any organization's specific application landscape.
Designed for all application types, assessments range from a deep inspection conducted by world-class security engineers, to a combination of manual/automated testing with expert verification of vulnerabilities, to a rapid automated scan with engineering analysis to remove false positives. This approach helps ensure maximum ROI through decreased costs, shortened test cycles and reduced time-to-fix. Additionally, because MAST does not require organizations to have hardware or infrastructure in place to begin application security testing, it can be launched in as little as a day.
A 2013 Ponemon Institute research study titled The Current State of Application Security revealed that only 43% of organizations have a security testing process in place. Additionally, less than half the respondents say their organizations measure application security risk and believe it is well understood and even fewer use risk metrics to guide application security decision-making.
"Security relies heavily on consistency, and good metrics are critical to achieving that consistency," said Wendy Nather, Research Director at 451 Research. "This is especially the case with software security. More enterprises are using regular testing and measurement across their application portfolios to get a better handle on their overall risk."
Regular and iterative assessments ensure that problems are caught before they propagate. Additionally, they enable risk trend analysis, which helps organizations make more informed remediation and security investment decisions. From a cost perspective, MAST ensures a practical approach to help organizations determine the optimal application testing needed, which typically yield a 20% to 30% reduction in cost over individual testing services, according to company data.
"Application assessments should not be a one size fits all solution. Business critical applications require significant time and effort while low risk applications may require a very light touch," said Edward Adams, CEO of Security Innovation. "Optimization around frequency and depth of testing based upon application criticality and business risk can help improve ROI by enabling investment in the areas where it is needed most and over-spending in low-risk areas."
About MAST
Designed to fit the budget of all sized
organizations, MAST helps meet your application security vulnerability
management goals by identifying and prioritizing vulnerabilities, and
providing detailed remediation guidance in the specific technology or
platform being used. For high-risk applications, a threat model is
created to identify the most critical threats to the application and to
construct customized test plans that target high-risk areas.
Features & Benefits:
- Multiple Security Testing Options: three tiers of services based on the risk profile and business criticality of the software. Security tests can be conducted monthly, quarterly and ad-hoc.
- Accurate and expansive vulnerability reporting: expert analysis of findings minimizes false positives and ensures business logic and other vulnerabilities that can't be found with other approaches are looked for.
- "Always Up" online portal: to review assessment results, analyze trends, schedule regular and ad-hoc application tests and gain access to expert consultants.
- Integrates with market-leading training platform: get direct access to TeamProfessor eLearning courses and TeamMentor secure development knowledgebase for ongoing developer training and vulnerability remediation
About Security Innovation
Security Innovation offers solutions based on the three pillars of the Software Development Lifecycle (SDLC): standards, education and assessment. For over a decade, Security Innovation has helped organizations build internal expertise, uncover critical vulnerabilities and integrate security into their software development lifecycle. (SDLC). The company's flagship products include TeamMentor secure coding knowledgebase and TeamProfessor, the industry's largest library of application security eLearning courses that covers all major platforms, technologies and development team roles.
Security Innovation
Maureen Robinson, 978-390-3299
mrobinson@securityinnovation.com
