Application Security Testing, as an industry, has grown exponentially over recent years as more companies and developers acknowledge the ever increasing threat of exploitations and vulnerabilities being found and abused by online “Cyber Criminals”.
Throughout the entire development lifecycle of an application, it should be going through multiple stage-gates which test and re-test that part of the application based on the best standard of security principles and policies right the way through from design through to deployment and maintenance.
However, significant costs are entailed by any company who wish to respond to best security practice, frameworks and governance. It requires significant business justification to spend the time, money and resources necessary to achieve an acceptable level of security and for many companies, this investment is simply not viable and they seek to outsource the work via third parties.
Many would argue that Application Security Testing is a non-core process and that, certainly from financial perspective, it makes sense to automatically outsource the process (dependant on size and volume of testing/development) however there is still the question of whether it’s acceptable for the company to outsource such a vitally important part of their development process to a third party. Over the course of the last few years several companies have become highly established in this market and offer most, if not all of the services likely to be required to facilitate their clients’ needs. They all afford different combinations of SAST (Static), DAST (Dynamic) and IAST (Interactive) approaches recognised by organisations such as Gartner in their Annual AST Review, as a critical combination to ensure an adequate level of testing.
It’s worth noting that although many people view applications as purely a front end operation, for comprehensive testing these companies combine not only the client side, but also the server side and back office. As the consumer relies on more and more applications and services coming to their laptops and more notably, their mobile devices, the services offered by specialist AST Companies will only become not only more resource viable but increasingly financially viable.
To find out more about Application Security Testing please contact Matthew Wheeler on 01628 857333 or matthew.wheeler@bps-world.com