90% of All Attacks Occur at the Application Layer
Security Innovation works closely with organizations like Orbitz, GoDaddy.com, Payless Shoes, and others to build internal expertise, identify vulnerabilities in applications, reduce application risk and ensure their SDLC integrates security activities that are needed for compliance.
Training for OWASP, Secure Web Coding, PCI-DSS
Over the last 10 years, Security Innovation has developed unparalleled expertise in application security on the world’s most dominant Web platforms. This expertise is available to our customers in the form of eKnowledge products. Security Innovation's TeamProfessor eLearning, combined with TeamMentor, our secure development knowledge base, ensures that you have the right skills as you prepare and conduct security activities. With more than 35 courses and 3,000+ searchable guidance assets for ASP.Net, Java, C/C++, Web services, OWASP, PCI-DSS, and more, all the knowledge you need is at your fingertips.
Popular courses include:
- Creating Secure ASP.Net or J2EE applications
- How to Test for the OWASP Top Ten
- PCI-DSS for Developers
IT System Attack Simulation
Retail and ecommerce organizations often rely on third-party applications and COTS hardware, each of which can introduce data risks that are well known to hackers: exploits in known applications, insecure default settings and configurations, poorly implemented crypto, and more.
Security Innovation can help you plug holes before they are exploited by an actual attacker. Our engineers will conduct perpetual attacks on your IT infrastructure to identify vulnerable areas that an attacker would exploit to gain access to your data or bring your system offline, including:
- High-severity software vulnerabilities
- Weak or default passwords
- Misconfigured web and database servers
- Unknown Internet-facing applications or integration code
- Systems that lack proper authentication controls or run with excessive privileges
- Insecure communication channels and poorly implemented crypto
The result is a meta threat model of your IT infrastructure that shows all the different areas of data flow, and where you are most vulnerable.
Application Assessment
Security Innovation has performed security code reviews and deep security testing on many web-based and non-web retail applications. We can help you mitigate risk for a single application or across an entire enterprise portfolio of applications.
Secure SDLC Optimization & Compliance
Whether you need to map application security to compliance mandates like PCI-DSS and governance standards, or simply want to integrate security into your existing development process, we can perform a gap analysis on your existing SDLC and identify key activities and gates that need to be adopted.
PCI-DSS Developer & Staff Awareness Training
Security Innovation offers several eLearning courses that provide awareness training and help developers understand what is required of them to maintain PCI-DSS compliance.
Popular courses include PCI-DSS for Developers, Creating Secure ASP.Net or J2EE applications, and Web Threats & Mitigations.
PCI-DSS Compliance Readiness
PCI-DSS has several application security-specific requirements, including several application-layer controls. Our expertise in application security and PCI-DSS helps you meet the requirements and improve your infrastructure to better enable long-term compliance.
