WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Software Products Wednesday, September 23, 2020 
Add Press Release News | News Feeds Feeds | Email This News Email


NetSPI Brings Scale, Agility, and Speed to Static Application Security Testing and Secure Code Review
Wednesday, August 5, 2020

To be debuted at the Black Hat 2020 Virtual Conference, August 1-6, the new services are designed to identify application security vulnerabilities earlier in the software development life cycle

MINNEAPOLIS, July 28, 2020 /PRNewswire/ -- To mitigate possible security vulnerabilities early in the fast-paced software development life cycle process, today NetSPI, the leader in enterprise security testing and vulnerability management, launched Static Application Security Testing (SAST) and Secure Code Review (SCR) services. An element of NetSPI's efforts to revamp the way businesses view application security, the new services aid development teams in establishing a more strategic approach to building secure applications. Key to NetSPI's multi-level secure code review services involving SAST and SCR is a thorough inspection of source and compiled code to ensure security risks are eliminated before software is deployed to production, at which time the cost of remediation could increase exponentially.

"With Continuous Integration/Continuous Deployment [CI/CD] increasingly becoming the backbone of the modern DevOps environment, it's more important than ever to detect and address vulnerabilities through Static Application Security Testing and Source Code Review processes, a service that is complementary to an organization's penetration testing efforts," said Nabil Hannan, managing director at NetSPI. "Both testing functions enable more comprehensive vulnerability detection and, in many cases, identify vulnerabilities that are not possible to discover during dynamic testing and analysis."

NetSPI's SAST and SCR services are offered in various engagement structures, giving application and software development teams options to leverage the appropriate level of testing depth to detect, validate, and resolve security issues based on the business criticality and risk profile of their applications. The services are also a solution to adhere to application development compliance standards, including PCI DSS and HIPAA. NetSPI's SAST and SCR offerings include:

    --  Static Application Security Testing (SAST)--A static analysis performed
        with a combination of commercial, open source and proprietary SAST
        tools, resulting in an assessment report from NetSPI that describes
        found vulnerabilities and actionable remediation guidance. Additionally,
        NetSPI offers a streamlined, more economical SAST service which focuses
        on testing around the Open Web Application Security Project(® )(OWASP)
        Top 10 vulnerabilities.
    --  Static Application Security Testing (SAST): Triaging--As an augmentation
        to an organization's internal use of SAST tools in Application Security
        Programs, NetSPI offers triage services. By analyzing the data and
        assigning degrees of urgency on behalf of the security teams, NetSPI can
        validate the exploitability of vulnerabilities to remove any false
        positive findings, allowing development teams the time to focus
        exclusively on remediation.
    --  Secure Code Review (SCR)--Building off the SAST offerings, NetSPI's SCR
        offering employs cyber security experts to review underlying frameworks
        and libraries that are being leveraged to build the application. From
        there, manual testers identify vulnerabilities that automated scanners
        cannot detect, such as complex injection attacks, insecure error
        handling as well as authentication and authorization issues.
        Additionally, NetSPI offers a streamlined, more economical SCR service
        which focuses only on reporting around the Open Web Application Security
        Project(® )(OWASP) Top 10 vulnerabilities.

Unique to NetSPI is its instructor-led training program around secure coding and remediation for development teams, made available to clients after completion of Static Application Security Testing (SAST) or Secure Code Review (SCR) engagements. Available for up to a class size of 20, NetSPI's one-day training program details the top five categories of vulnerabilities identified in the SAST or SCR engagement and provides insights specific to that organization as well as remediation or mitigation techniques.

"We've seen a movement to the left, in terms of prioritizing SCR earlier in the SDLC process as Application Security Programs have evolved," said Hannan. "We support this strategic approach to security as it is critical to identify and remediate vulnerabilities, and in some cases even prevent them, during the software development phase."

On Wednesday, August 5 at 11:20am PST, NetSPI's Managing Director Nabil Hannan and Product Manager Jake Reynolds will lead a Black Hat virtual session on building a successful application security program - register for free here. To learn more about Secure Code Review (SCR) and Static Application Security Testing (SAST) from NetSPI visit netspi.com/security-testing/secure-code-review/ or email heather.rubash@netspi.com to schedule an introductory call or a virtual briefing with the team at Black Hat 2020.

About NetSPI
NetSPI is the leader in enterprise security testing and vulnerability management. We are proud to partner with seven of the top ten U.S. banks, three of the world's five largest health care companies, the largest global cloud providers, and many of the Fortune® 500. Our experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces. We uniquely deliver Penetration Testing as a Service (PTaaS) through our Resolve platform. Clients love PTaaS for the simplicity of scoping new engagements, viewing their testing results in real-time, orchestrating remediation, and the ability to perform always-on continuous testing. We find vulnerabilities that others miss and deliver clear, actionable recommendations allowing our customers to find, track and fix their vulnerabilities faster. Follow us on Facebook, Twitter and LinkedIn.

Contact:
Tori Norris
tori@maccabee.com
612-294-3100

View original content to download multimedia:http://www.prnewswire.com/news-releases/netspi-brings-scale-agility-and-speed-to-static-application-security-testing-and-secure-code-review-301101072.html

SOURCE NetSPI



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav Inc. Magazine Unveils Its Annual List of America's Fastest-Growing Private Companies--the Inc. 5000 | Sep 23, 2020
Nav SportsEngine, Inc. Forms Partnership with Virtual Training Application, MaxOne | Sep 23, 2020
Nav Commvault Achieves AWS Outposts Ready designation | Sep 23, 2020
Nav RedShield appoints Cybersecurity veteran Kate Kuehn as Board Director | Sep 23, 2020
Nav JourneyPure & Mindyra Health announce their strategic partnership designed to dramatically improve the lives of individuals | Sep 23, 2020
Nav New Starter Kits Provide Inexpensive Entry into Balluff IO-Link | Sep 23, 2020
Nav The drug modeling software market was valued at US$ 6,205.22 million in 2019 and is projected to reach US$ 11,299.85 million by 2027; it is expected to grow at a CAGR of 8.1% during 2020-2027 | Sep 23, 2020
Nav AkitaBox Releases Inspection Software, Growing Portfolio of Facility Management Applications | Sep 23, 2020
Nav Pure Storage Brings FlashBlade to AWS Outposts, Delivering a Hybrid Cloud Infrastructure Solution for Modern Data | Sep 23, 2020
Nav Pure Storage to Acquire Portworx, Creating the Industry's Most Complete Kubernetes Data Services Platform for Cloud Native Applications | Sep 23, 2020
NEWS SEARCH

FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News