Global financial organizations like ING, Mass Mutual, UBS, Allstate, Barclays, Liberty Mutual, and Credit-Suisse have leveraged our solutions to identify vulnerabilities in their applications, train their development teams and manage application risk.
Training for OWASP Top 10, Secure Web Coding, Web Services
Security Innovation's TeamProfessor eLearning, combined with TeamMentor, our secure development knowledge base, ensures that you have the right skills as you prepare and conduct security activities. With more than 35 courses and 3,000+ searchable guidance assets for ASP.Net, Java, C/C++, Web Services, OWASP, PCI-DSS, and more, all the knowledge you need is at your fingertips.
Popular courses include:
- Creating Secure ASP.Net or J2EE applications
- How to Test for the OWASP Top Ten
- Fundamentals of PCI-DSS
- PCI-DSS for Developers
Secure SDLC Optimization & Compliance
Whether you need to map application security to compliance mandates like PCI-DSS and governance standards, or simply want to integrate security into your existing software development lifecycle (SDLC), we are the experts who can help.
Application Portfolio Assessment
GRC and security teams often have thousands of assets and applications that need to be risk-ranked, and internal groups use different terminology and language relating to their own specific environments, which makes it difficult to assess risk.
Our Application Portfolio Assessment service offers visibility into the state of application security across your organization, and comprises a risk-ranking exercise and the delivery of a risk-ranking framework for more informed planning. We can assess the security of a single software application in addition to the portfolio-wide risk ranking.
IT Infrastructure Attack Simulation
Financial services organizations often rely on third-party applications and COTS hardware, each of which can introduce data risks that are well known to hackers: exploits in known applications, insecure default settings and configurations, poorly implemented crypto, and more.
Security Innovation can help you plug holes before they are exploited by an actual attacker. Our engineers will conduct perpetual attacks on your IT infrastructure to identify vulnerable areas that an attacker would exploit to gain access to your data or bring your systems offline, including:
- High-severity software vulnerabilities
- Weak or default passwords
- Misconfigured web and database servers
- Unknown Internet-facing applications or integration code
- Systems that lack proper authentication controls or have excessive privileges
- Insecure communication channels and poorly implemented crypto
The result is a meta threat model of your IT infrastructure that shows all the different areas of data flow, and where you are most vulnerable.
PCI and GLBA Compliance
PCI-DSS and GLBA requirements have application security-specific assessment and training requirements. Our expertise in application security provides you with the intelligence that you need to not only meet these requirements, but improve your SDLC for sustainable compliance.
High-Performance SSL
Our plug-and-play SSL libraries incorporate our IEEE- and X9-standard NTRU algorithm. They deliver high-strength data encryption up to 200x faster than RSA and are ideal for mobile software and high-volume transaction/payment systems.
