Production
In the Production phase of the software development lifecycle, we can match you with automated AppSec tools that cover the following functions:
Dynamic Application Security Testing (DAST)
Beginning in the Build & Test phase and continuing into the Production phase, DAST or “black box testing” analyzes the application from the outside in while it’s running in production. It represents a hacker’s approach to identify issues with reponses, requests, scripts, interfaces, injections, and authentication.
Infrastructure as Code Security Testing (IaC)
During the Build & Test phase IaC Security ensures best practises are built into the declarative pipeline. This continues into Production when the automated process finds and fixes Terraform and Kubernetes IaC issues—enabling teams to detect configuration issues that could open deployments to attack and malicious behavior.
Interactive Application Security Testing (IAST)
From Build & Test through Production phases, automated IAST performs testing on applications from the inside out, and outside in. This process flags security vulnerabilities in real-time while the application runs, and often provides coverage across all modules in a package.
Runtime Application Self-Protection (RASP)
RASP begins during the Build & Test phase and continues through Production. This automated security process detects and blocks attacks on applications in real-time. Using personalized protection RASP provides unique visibility into the application's behavior.
Penetration Testing & Red Teaming
Penetration Testing is the practice of launching authorized, simulated attacks against software for the purpose of exposing potential security weaknesses and vulnerabilities. It is conducted manually by experts or expert teams, commonly referred to as Red Teams, with the aid of specialized tools. Manual testing of this type is an essential part of the security verification due diligence process for mission critical systems due to inherent limits of AST tools. It detects vulnerabilities often residing in areas automation can’t reach, such as; an application’s workflow, business logic and security controls.