What is the Security Innovation Difference?
Rigid Hiring Process
We hire only proven application security experts that have the right mix of skills: software engineering, knowledge of various technologies and application scenarios, and a creative imagination. Candidates need to pass multiple security challenges and produce a report that gives us a feel for each candidate’s time management, communication, testing, and remediation capabilities.
Each Security Innovation engineer is required to keep their skills honed; therefore, 10% of their time is allocated towards professional development and research in a specific field of application security. We conduct regular internal brownbag presentations for information sharing about new technologies, techniques, attacks, etc. For structured training, engineers have direct access to our industry’s largest application security eLearning library. Our internal wiki houses all of this rich and timely content.
You Get our Full Attention
Security Innovation doesn’t double book our engineers on projects – ever. During an engagement, clients have the full attention of all assigned engineers as well as a project manager to deliver daily status for short engagements and a summary mail for longer ones.
Consistency in Findings, Remediation and Reporting
Our methodologies have been honed for over 15 years. For each assessment, we calibrate the level of tools and expert-driven effort to customer needs to ensure we achieve the most optimized code coverage – whether that be breadth or depth. We don’t just dump results on you – our job isn’t done until knowledge about the risk, remediation, and mitigation plan has been transferred. We offer the most detailed remediation guidance for each vulnerability found, contextual to your organization and any language, platform, and framework in use.
To ensure the highest quality of deliverables, every report is reviewed by at least two engineers. Additionally, we leverage our internal portal for report development, quality control, and standards compliance. This repeatability increases efficiency over time through toolset and familiarity gains.
Full Visibility into Coverage
In addition to our Final Report, which includes every vulnerability found along with remediation guidance and reproduction steps for each, we document the exact test plan followed by the engineers. Each test case is either marked as passed or mapped to a problem report. If a test case was not performed for any reason, the reason is noted on the test plan. The report also includes a “recommended next steps” section that discusses any additional areas of assessment that would be useful.