We integrate Automated Security Testing into your software delivery pipeline and optimize it for your targets using open source tooling such as OWASP ZAP.
Automated security tests can detect a large number of security flaws. They lend themselves particularly well to finding significant vulnerabilities in the injection category, for example SQL injection, Cross-Site Scripting, XML injection and so on.
Your organization is always ready for Automated Security Testing, whether you have a young ad hoc environment, a more mature infrastructure, or anything in between. Don't hesitate to tell us about your project. We will be more than happy to discuss the possibilities with you, free of charge.
Automated Security Testing can be implemented in your software development life cycle. Automated functional tests (with Selenium for example) can be used to improve the coverage of the security tests.
Each time a developer makes a change or addition to an application, the security scans start automatically and check for security-related issues. This creates a short feedback loop to the developers, which will eventually result in more security awareness within the development team. In theory, a developer receives feedback on the security issues encountered within a couple of hours after submitting his or her code and updating the environment.
The findings from the security scans are integrated into ThreadFix. Optionally, the findings can be integrated into any existing dashboard. The state of your application and its security findings will be clear at a single glance. The reports include detailed information about each vulnerability. We demonstrate findings, answer questions and help you get things fixed.
During the intake (free of charge) we discuss your project and tell you more about us and our modus operandi. The main purpose is to collect all the information we need to create our proposal (plan of action).
You will receive our proposal, including a detailed overview of the activities, deliverables, planning and costs.
When the proposal is accepted, we deliver a list of all the things that need to be prepared for the implementation of Automated Security Testing.
The implementation of Automated Security Testing will be executed in the planned time window.
Once the initial implementation is done, we stay on site to test the tool and review its findings. We make sure the implementation works flawlessly in your environment.
After a successful implementation, we deliver support in the form of reviewing findings within ZAP and continuously optimizing test scripts for your applications.