Overview
Your applications are the front door to your enterprise. Regardless of the number of firewalls, the security of your data center, or the access controls you have in place, applications may still be vulnerable to hacker exploits. Foundstone helps assess the security of applications and apply appropriate measures to fortify your defenses. The Software & Application Security Check offered by Foundstone Professional Services is a high-level security overview for your application portfolio.
Key Benefits
- Stay compliant
Enterprises with unsecured applications are typically in violation of regulatory and legal compliance. Foundstone has an in-depth understanding of these regulatory strategies and how they relate to specific compliance issues. Regulations include:- GLBA
- SOX
- HIPAA
- PCI
- Federal Information Processing Standards
- Assess risks across your application portfolio
Enable a classification of your applications based on their risk profile. This allows you to apply the appropriate security measures throughout the software development lifecycle.
Methodology
Software development lifecycles (SDLC) and enterprise business practices typically do not prioritize application security. Foundstone assesses all popular SDLCs, including the prototypical waterfall, several agile implementations, and the all-encompassing rational unified process.
Foundstone measures the soundness of your application security and helps you determine the steps necessary to reinforce it by measuring your current posture against baselines in our seven best practice areas:
- Awareness and training
- Assessment and audit
- Development and quality assurance
- Compliance
- Vulnerability response
- Metrics and accountability
- Operational security
Our best practices-based methodology was developed in collaboration with McAfee’s John Viega, an applications security expert and co-author of numerous books on the topic of building secure software.