At Veracode, we help companies from various industries to secure their applications. This post is the first in a series where we share the knowledge gained from working across a diverse set of industries.

We recently worked with a Fortune 500 energy company that was facing a number of challenges in implementing an application security program. Key challenges encountered were:

  • How to scale testing across a large number of applications
  • Defining SDLC best practices to find vulnerabilities
  • The inability to remediate due to lack of planning, resources and budgets

Scaling Testing Across a Large Number of Applications
Our customer originally had a small team of penetration testers focused on a few critical applications. Their business executives recognized that they had to scale up their testing program to cover a much broader range of applications. This company realized that manual penetration testing alone would not allow them to test all their applications. They needed a different approach, which is why they started looking at SaaS solutions that could automate binary static and dynamic testing. This ensured that their applications would be compliant and also verified that they would be safe from threats and vulnerabilities. This customer was drawn to Veracode's application-based subscription model, which aids companies when scaling up to a greater number of applications.

Defining SDLC Best Practices to Find Vulnerabilities
This energy company was also interested in identifying vulnerabilities before deploying or migrating their applications to their new, and more secure, production IT environment. This meant finding ways to integrate with their development teams early in the software development lifecycle (SDLC). Veracode's team assisted in defining SDLC best practices to find vulnerabilities and provided clear actionable remediation guidance to developers.

Inability to Remediate Due to Lack of Planning, Resources and Budgets
Year after year, the penetration testing team would find the same vulnerabilities in the same applications. Application flaws were not being fixed because the development teams that were responsible for implementing the fixes were not being given the resources to actually complete the remediation. Since Veracode’s remediation services focus on providing guidance for developers, we found a Veracode partner to implement quick remediation for business teams. This approach led to an overall reduction in risk and lowered the remediation cost for the company.

Does your business encounter similar problems? What other issues do you face? Let us know in the comment section and watch out for the next part of the series.


