AsTech, a leader in Application Security, Network Security, Secure Development and Security Training
Since our founding in 1997 we’ve been helping Fortune 1000 companies meet the challenge of securing their vital information assets.
We began by working with Financial Institutions to design and implement secure network solutions. However, we soon realized that the growth of e-commerce and the prevalence of web applications had fundamentally shifted the nature of business, and this highlighted the need for new approaches to information security. In 2001 we performed what might have been the very first source code security assessment for a major financial institution.
Since then, we’ve built on that experience to offer a full suite of services related to application security. It’s our mission to enhance the capability maturity of our clients, by introducing proven best practices, processes, tools, and key metrics into every phase of the Secure Development Lifecycle. AsTech can help your organization optimize its application security program, regardless of your development platform or specific business drivers. We know that every software development organization has unique business objectives, risk appetites, resource constraints, development methodologies, and time-to-market concerns. We’re experts at working with our clients to find highly effective, cost-efficient solutions designed to maximize Return on Security Investment.
Our goal is to give your organization a strategic roadmap for continuous improvement, one that will scale with the needs of your business over time. We know there are no one-size-fits-all solutions. That’s why we tailor every solution to the unique requirements of your environment, without trying to sell you more than you need.
I wrote a little while back about the AppSec Serenity Prayer and talked about things you can and can’t control in terms of your application security. The recent BrowseAloud incident is a perfect reaso...
While working onsite with a client something popped into the Incident Response Queue and the client had to leap into action.
As I was doing some training the other day I came across some rather interesting bugs in a commonly used technology: JSON Web Tokens (JWT). Although JWT itself is fundamentally secure, some implementa...