Press Room

Media Contact: Kate Ennis
(301) 580-6726

For Immediate Release

RELYING ON AUTOMATED APPLICATION SECURITY SCANS AND ANALYSES LEAVES INTERNET-FACING COMPANIES AT RISK, ACCORDING TO ASTECH WHITE PAPER

SAN FRANCISCO, California, August 14, 2008 - Choosing an application risk assessment program is a challenge for IT professionals seeking to balance potential risks with the cost of mitigating those risks. AsTech Consulting shares its insights - gained after ten years consulting for financial services and other companies on information security - in a new white paper, "Mapping the Application Security Terrain: Choosing an Appropriate Application Security Assessment Process."

"The very act of measuring security, performance or reliability has an associated variable cost based upon the precision and thoroughness of the analysis," according to Carl Schwarcz, AsTech Director of Application Security, who authored the paper. An application security assessment process is the method of identifying application security vulnerabilities so the business can make informed decisions concerning risk management that include the evaluation of the financial and opportunity costs associated with mitigating risks.

Although AsTech recognizes the benefits of best-of-breed automatic external scanning and automatic static source code analysis tools, it explains that both processes have coverage gaps that can leave companies at risk. "The main limitation of these automated tools is that they currently can only find approximately 30 percent of the types of security vulnerabilities that should be evaluated in a security assessment," according to the paper.

The paper recommends companies consider options which blend manual and automated analyses. Read the entire paper at http://www.astechconsulting.com/files/Mapping_the_Application_Security_Terrain.pdf.

About AsTech Consulting
AsTech Consulting (www.astechconsulting.com) has been providing information security services to Fortune 1000 companies since 1997. We assist clients in understanding the security posture of their IT infrastructure and in developing risk management strategies based on this knowledge.
