The Prevalent Application Security Testing Program begins by identifying the set of critical applications and supporting infrastructure to evaluate. These might be grouped within a specific scope (e.g. Internet-facing or PCI applications), those that inherently represent the highest risk, and/or those that are the most widely used. Once this set has been identified, Prevalent will work with you to determine the criticality of each application and map it to the appropriate Veracode policy.
Your application binaries will then be sent to the platform for analysis, and Prevalent will scan and manually review the supporting infrastructure components. Once Veracode and Prevalent have compiled the results of the initial assessment, a remediation plan and executive presentation will be developed. In the results meeting, Prevalent will review the overall findings against your policy to identify whether your internal and/or third-party applications are meeting your standards. The remediation plan will be reviewed and guidance will be offered for on-going testing and reporting.
The Prevalent Application Security Testing Program with Veracode starter bundle offers you a programmatic approach to application security testing that will jumpstart this effort. The program is designed to:
- Reduce your costs over other application security testing programs.
- Dramatically reduce your organization's application risk.
- Offer insight into what applications are more secure in your environment.
- Offer visibility into how securely code is developed across your critical applications.
- Provide a remediation plan for your critical applications.
- Provide a platform for on-going analysis and trend reporting.
In all, the effort should take about 2-3 weeks from start to finish and offer significant insight into how securely your development team is coding and/or how securely your third-party software is written, relative to its criticality in the environment. With the use of this programmatic approach and the Veracode platform, we are able to offer this program at a significant discount over other manual-only methods of application security review.