Are you developing trustworthy software?
According to a 2013 study by Aspect Security, enterprise web applications and web services contained 22.4 million serious vulnerabilities. The 2014 Verizon Data Breach Incident Report identified web application vulnerabilities as the leading cyber-crime vector at 36%. There are good reasons for this: IDC, Gartner, and others have found that too much code, too few experts, and too little time create pressures that thwart efforts to develop secure code.
Build Security in at the Application Level with our EC:Develop Process
Decades of experience developing large-scale secure systems for a variety of regulated industries led to our creating EC:Develop, our standardized method for creating software products and applications. EC:Develop blends the best of agile development with secure development practices based on libraries and processes published by the Open Web Application Security Project (OWASP Developer and Testing Guides, OWASP Java Encoder and HTML Sanitizer, ZAP proxy for dynamic security testing), the National Institute of Standards and Technology (NIST 800-53), the International Standards Organization (ISO 27002), and the Center for Internet Security (CIS Critical Security Controls).
Key aspects of the process are 2-3 week develop and test cycles with deployments to acceptance test environments at the end of each cycle, built-in unit and integration testing, vulnerability assessment using Contrast Enterprise, and transparent review of security and code quality.
EC Wise believes in automating any critical or repetitive process; Agile Platform Development requires automation; and Secure Agile Platform Development would be impossible without such automation. By incorporating both Compile and Runtime automation into our processes, EC Wise enables timely, repetitive, and incremental functional deployment of deliverables produced in short “sprints” (often no longer than one or two weeks).
Exposure analysis and mitigation with EC:Develop
Armed with code analysis tools and practices from OWASP and with Contrast Security’s first-of-its-kind cyber security product that unifies vulnerability detection and attack protection, we can quickly implement a proof of concept that allows you to see attacks in real time and identify the application vulnerabilities that the attackers are exploiting.
The Contrast Enterprise product, a key component of the EC:Develop process, provides three layers of defense: Protection, Assurance and Visibility. These layers are integrated to deliver personalized protection for an entire application portfolio.