AsTech's Paragon Security Program Secures Internet Applications
According to recent surveys from Verizon and The Ponemon Institute, Internet applications are now the attack vector of choice for hackers. For most of our 20-year history, we have been assessing the risk of Internet-facing applications and building secure SDLC programs. This gives us the confidence to guarantee our services. We know how to find security issues and analyze them to minimize false positives and eliminate false negatives, while determining the 'real world risk' these vulnerabilities present.
With a Paragon Security Program (PSP) subscription, we guarantee that you won't be hacked by a covered vulnerability. No other source code analysis service provider offers this guarantee, backed by a well-known, global insurance company.
The AsTech Paragon Security Program will take your software development lifecycle to the next level of security. We not only guarantee that we won't fail to discover vulnerabilities during our assessments, but our experts will work with your developers every step of the way to get those vulnerabilities resolved.
The first step is a baseline source code assessment of your application, and from there we tailor the service to your build and release cycles so that you have fresh results at the optimal time for efficient remediation. We've never missed a vulnerability leading to a breach in the 20 years since our inception, and we guarantee we won't miss anything in your application.
After vulnerability discovery, AsTech will prioritize and categorize these risks to reflect the real-world threat that they represent and create a customized, executable remediation plan. If desired, we will work through that plan with your own developers to build security and knowledge into your SDLC. We also offer Secure Development Training to developers in any size of organization.
If our PSP is not right for your scenario, we can provide application security analyses of varying depths, all of which deliver actionable results. At a minimum, AsTech will complete a scan of the software using automated tools, which are effective at discovering common vulnerabilities and mapping the data flow of an application.
For those applications that require a deeper dive than an automated scan, AsTech security experts map the 'attack surface' of the application and complete a more in-depth analysis. This entails our security developers/engineers searching for vulnerabilities that automated scanning tools cannot find, in the source code components that make up that attack surface.
With any level of assessment, the results are a set of vulnerabilities prioritized by risk and level of effort to address, along with remediation recommendations.
AsTech's Application Security Experts all have significant development experience and understanding of programming practices using a variety of frameworks. We have been delivering these types of application security assessments and programmatic integrations for nearly two decades, with many recurring customers. With those years of experience, we recognize the limitations of scanning tools, and continuously optimize our methodology to map the attack surface and zero in on vulnerabilities in the most efficient manner. We are adept at vetting results: weeding out false positives and, more importantly, not allowing any false negative findings through our process. Guaranteed.
Of course, Terms and Conditions will apply.
AsTech engineers scan source code and map the application with automated tools designed for this purpose. Next, we define the attack surface of the application and complete a more in-depth examination of source code searching for security vulnerabilities that automated tools cannot find. This includes issues related to application logic or architecture.
AsTech engineers will analyze each security issue, vetting false positives and using human intelligence to triangulate on the most severe security issues, all the while staying in contact with client partners to exchange information and knowledge. This allows us to recommend the most effective source code vulnerability 'fixes'.
The deliverable from this type of effort includes a detailed description of each type of vulnerability found during the process, so that developers can understand the security issue. Depending on client partner wishes, we deliver remediation recommendations or a full remediation plan for increasing security for the application.