Application Security (AppSec) & DevSecOps

Securing an application through its entire lifecycle, including design, coding, deployment, etc.

  • Creation and integration of a Secure SDLC into Agile DevOps CI/CD chains - DevSecOps
  • Creation of an Application Security Standard and metrics
  • Static analysis of application code & code security reviews and scanning
  • Dynamic application security analysis
  • Application security architecture and design review
  • OWASP Top 10 & SANS Top 25
  • NIST, COBIT, OpenSAMM, BSIMM, OWASP, SANS, CVSS, CWE, CAPEC, CERT, ENISA, and FFIEC
  • Veracode, IBM AppScan, Coverity, HP Fortify
  • ISO/IEC 9126, McCall