SI Secure


SDL Products

Based on insight gathered during the execution of our assessment services, Security Innovation has developed products that solve specific SDL knowledge and process problems that enterprises face in the development and deployment of secure applications. They include:

COMPUTER-BASED TRAINING - Roll Out Training Programs Efficiently and Economically
Many organizations need effective training programs that educate their teams on application security awareness and/or technical best practices during the SDL, yet they face tight budgets and strict time constraints. Our computer-based training modules deliver that knowledge, are scalable and re-usable, and integrate into existing Learning Management Systems.

TEAMMENTOR™ - Secure Coding Guidance System
TeamMentor™ is a sophisticated application security guidance system that delivers the collected experience of Security Innovation engineering to development teams of all sizes. In Wiki-like format, it provides on-demand, task-based collections of secure development knowledge, guidance and libraries to specific practitioners at the appropriate lifecycle phase - helping the entire team build more secure applications.

HOLODECK - Revolutionary Fuzz Testing Tool
Holodeck is a unique fuzz testing tool that discovers how an application consumes, handles and responds to malformed data. Poorly coded applications will try to process the data without checking to see if it’s correct and complete. If the application “falls over” when it gets fuzzed data, then a flaw has been discovered and may have security implications.

The Microsoft SDL fuzzing requirement states that an application with file handling code needs to consume 100,000 fuzzed files. This level of fuzz testing gives additional confidence that your application can handle maliciously corrupted files without failing due to buffer overflows or other potential security vulnerabilities. While it is possible to create 100,000 randomly corrupted files and get some level of fuzz coverage for your application, Holodeck can help you go much further. Holodeck can be pointed at any file your application consumes, and will corrupt it with random data or with data based on very specific rules that you define.

Since Holodeck virtualizes the file stream, you can test with confidence knowing that the original file is untouched - and that the corruption is happening in real time on the file stream as your application consumes it. This level of direct and advanced fuzzing is unmatched in the industry. And when you are ready to advance your testing efforts beyond file fuzzing, you can leverage Holodeck to corrupt network streams as well as any data streams that your application exposes or consumes over public APIs.

CxDEVELOPER - Next-Generation Source Code Security Static Analysis
CxDeveloper is a source code security static analysis tool for professional software development teams that have a mandate to create secure enterprise, packaged and embedded software - and seek high performance, reasonably priced software tools to help them do it. CxDeveloper is next-generation technology that provides all the functionality of the previous generation tools plus:

  • very low false positive rates
  • structured query language (CxQL)
  • user extensibility
  • project completeness independence
  • integration with development shells
  • ease of use
