Automated Application Security Testing
Traditional development processes usually demanded a manual penetration test at the end of the development phase as a measure of the application's security. Nowadays, the goal is to move towards earlier, automated processes to achieve higher cost savings and a lower time to market. Tools regularly scan running applications as well as source code. A consultant analyzes the results and adds the necessary bug tickets to the team's backlog. This process enables deployment in shorter intervals and thus reduces the latency between development investment and revenue from production. At the same time, early detection of vulnerabilities allows for quick fixes that are significantly less expensive than a comparable clean-up phase shortly before going live.
We assist you with:
- consulting regarding the choice of appropriate tools according to the technologies and processes in use
- setup of a fitting test suite for integration into the existing development environment and processes
- evaluation of the results and alerting in case of critical vulnerabilities
- support with the removal of vulnerabilities and verification of the patches
- Threat Modelling
- Secure Coding Guidelines
- Agile Security & Secure DevOps
- Case Study: Automated Testing as the basis for scalable Security Support
Our Lean Application Security approach: developing secure applications from the ground up, seamlessly integrating with modern agile development models and DevOps processes.