On-demand testing and remediation services at the scale you need
Cigital Application Security Testing Managed Services from IBM® deliver scalable scanning, testing and remediation services for your application portfolio. They enable you to perform testing on demand through an annual subscription that simplifies procurement and creates a consistent, predictable way to manage the expense and effort of application security testing.
Cigital Application Security Testing Managed Services from IBM feature:
- Effective web application penetration testing, up-to-date vulnerability insight and expert remediation guidance with low false-positive rates.
- Service-based, flexible application security testing that provides the right level of testing coverage across your application portfolio
- Subscription-based licensing to test any of your applications, at any depth, as often as you need for a fixed price.
Effective web application penetration testing, up-to-date vulnerability insight and expert remediation guidance
- Services use IBM Security AppScan® and run the right testing techniques, prioritize the findings and deliver a concise report of application vulnerabilities—regardless of the scale of your organization or portfolio.
- Dynamic Security Scanning (DSS) uses IBM Security AppScan to identify common vulnerabilities, particularly for internally facing low-risk applications that must comply with regulatory security assessments.
- Automated Ethical Hack (AEH) combines dynamic analysis with light, manual business logic testing to mirror the actions of a hacker for medium-risk applications and critical applications undergoing minor changes.
- Manual Ethical Hack (MEH I and II) represents a thorough assessment that combines deep, automated testing of the application augmented with targeted manual business logic testing. It provides a threat modeling exercise to identify high-risk vulnerabilities that hackers could exploit.
- Services provide visibility of when a test is taking place, the depth of that test and which application is being tested.
Service-based, flexible application security testing
- Focuses development resources on remediating problems rather than learning application security testing tools and acquiring the skills to run them.
- Reduces the impact of application security testing on implementing new applications and features.
- Enables you to inventory applications, determine the risk profile and apply the right level of application security testing to reduce that risk.
- Helps you start a new application security program or augment an existing program during peak or agile development cycles.
- Enables you to change the testing depth or add applications without a new subscription.
- Makes it easier to adapt to changing risk profiles and portfolios and predict costs.
- Eliminates partial utilization of subscriptions and prevents testing gaps that leave vulnerable entry points.
- Offers web-based help desk tickets for security related questions about the remediation of vulnerabilities.