Combining Application Penetration Testing, Code Review and Developer Training
Delivers Layered Security to Organizations
CHICAGO (May 23, 2008) – Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, announces a new holistic approach to application security, including application penetration testing, secure code review, and customized secure developer training. The services will be delivered by Trustwave’s SpiderLabs – the advanced security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests.
An application penetration test examines Web-based applications that are made available to consumers, employees or business partners. Web-based applications are often vulnerable to exploits or hacks due to poor application development standards or human mistakes.
Trustwave’s application penetration test is an attack simulation that is intended to expose the ineffectiveness of an application`s security controls by highlighting risks posed by exploitable vulnerabilities. Through years of experience, Trustwave has created a testing model built around a manual testing process intended to go much further than the generic responses and false positive findings provided by automated application assessment tools. These tests include, but are not limited to: logic flaws, input validation, buffer overflow, cross site scripting, URL manipulation, and SQL injection.
The testing results provide a detailed deliverable with tactical and strategic recommendations that are both advisory and actionable in nature. This practice aids clients in pinpointing flaws and mitigating the risk of compromise, adding an additional security layer.
Internal developers creating Web-based applications are not always aware of current security risks, vulnerabilities or exploits. Therefore, Trustwave works with organization’s internal developers to improve the development process and deliver a more secure product during an application code review. Trustwave conducts detailed inspections of application source code and assesses the security posture of the tools and commercial applications used to create and run the front and back-end services.
As a supplement to performing code review, Trustwave provides a customized training class to an organization`s developers based upon industry best practices and the results of the actual reviews performed. This service, secure developer training, has been found to be more effective in mitigating future secure coding errors by developers because they are trained on examples taken from their applications.
“By aggregating information regarding the actual security posture of our Web-based applications, Trustwave was able to then teach our internal development team ways in which we could remediate risk and eliminate vulnerabilities that could have potentially affected our customers,” says Greg Hanson, CIO, Geeks.com. “We conducted secure developer training as an industry best practice that enhanced our security capabilities, while also protecting our organization’s critical assets.”
“Through our experience in delivering specialized security services such as application testing and computer forensics and incident response, Trustwave provides the highest level of security to all of our customers by leveraging our knowledge of real-world incidents in the field, and tying it back to a solution-based approach,” says Robert J. McCullen, chairman and CEO of Trustwave. “It is this layered approach, combined with customized education tools that prevent exploitable vulnerabilities from entering our client’s domain.”
Trustwave has responded to hundreds of security incidents, performed thousands of ethical hacking exercises and security tested hundreds of business applications for Fortune 500 businesses.
Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today’s challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions. Trustwave has helped more than 30,000 organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, Europe, Africa, China and Australia.