Veracode
DevOps Penetration Testing

Security Testing the Development Infrastructure & Process, Not Just the Application

Pentesting Your DevOps Environment



The DevOps process is new and constantly evolving. Fast-paced change is great for competitiveness, but it can open up security issues when teams rapidly deploy new technologies in the pipeline for which they don’t yet have best practices. When AWS S3 buckets were a new technology, many companies failed to protect them with proper authentication, leaking data due to misconfiguration. Today’s new technologies, such as Docker, Kubernetes, and Elasticsearch, are introducing their own flavors of security issues. Veracode DevOps Penetration Testing is a manual security test of your development cycle, testing the strength of your infrastructure, the security of your external network, and the security practices of your developers. With this pen test, we ensure your application and DevOps process are secure.

 


Testing for Exposure in Your DevOps Processes



  • Ensure developers are practicing proper security measures by analyzing GitHub repositories, looking for exposed credentials, sensitive data related to app development, and job boards
  • Test your network and cloud infrastructure to ensure your application environment is safe
  • Find vulnerabilities in containers and microservices
  • Check your external network by searching for misconfigurations, such as open AWS S3 buckets and exposed Elasticsearch or MongoDB databases
  • Inspect your public exposure by simulating an attack on your engineering infrastructure, including containers, CI tools, and microservices
  • Discover systems on the external network and research OSINT information about developers, applications, and infrastructure

A First-Class Team of Ethical Hackers



  • Testers are located in North America and Europe
  • Authors and contributors to cutting-edge open source penetration testing tools, community projects, as well as security publications and books
  • Speakers at SANS, OWASP AppSec, ShmooCon, DEFCON, Black Hat USA, Black Hat Abu Dhabi, INFOSEC World, DerbyCon, BSides, and ISSA summits
  • Found CVEs affecting over 50 different router models
  • Certifications including C|EH, CISSP, CISM, GWAPT, GIAC, GPEN, GAWN, MCSE+Security, Security+, CHFI, GCIH, CICP, OSCP
  • Experience in social engineering and red teaming at banks, defense contractors and the armed forces

Penetration Testing Helps Meet Compliance Requirements



  • Penetration Testing is a required component of many compliance regulations.
  • The reports you receive with Veracode DevOps Penetration Testing can help meet compliance requirements, including GDPR (Article 32), PCI DSS (Requirement 11.3), Sarbanes-Oxley, HIPAA, 201 CMR 17.00, GLBA, FISMA, and many regional laws and regulations.

All Testing in One Unified Platform



With Veracode’s unified platform, you have one central view into your organization’s risk – from development through production. And all penetration testing results are incorporated into the platform reporting. From this one location, you:

  • Prioritize your remediation with reports that are easy to understand and delegate to the teams responsible.
  • Get a better understanding of your organization’s risk from development through production.
  • Create and manage your organization’s security policies and ensure that every application is meeting your required policies.
  • Get attestations for government and industry regulations and compliance policies.
 

 
