The Vanguard Brand Protection - Remote Application Security Testing Managed Service

The integrity of your corporate web site is critical for the protection of your corporate brand confidential information and financial assets. To this end most companies have implemented a broad array of defenses, including firewalls, intrusion detection systems, anti-virus and encryption controls.

However your web applications behind your firewalls are essentially wide-open targets to hackers that will initiate hacking attempts at the application level. Firewall systems, intrusion detection systems, PKI and encryption offer no protection against application level attacks.

Why Web Applications are Vulnerable to Hackers

Developers deal with deadlines and time-to-market issues every day. Security is often secondary to getting a product to market on time. Security loopholes in a Web application are a fact of life and software always has bugs. Through these loopholes, your digital business assets are exposed to intruders. The problem grows with time as applications are changed, improved, and integrated with more third-party products. Intruders can gain access to private customer information, manipulate money, steal sensitive business data, expose partners and trade secrets, impersonate a customer, deface or even shut down the site.

Current Solutions and Disadvantages

Until recently there were no tools that could assist in identifying application security vulnerabilities. However a number of tools are now available that assist in the identification of web application security vulnerabilities and companies now have two options available:

• Customers can acquire web application security testing tools, however they will have to train and retain expensive staff to use the newly available tools. Further, rapid time scales means that security tests often need to be conducted at non-social hours or at week-ends if "go-live" targets are to be met. Very often the trained security application testers are not available for non-social working.
   
• To avoid the requirement to employ skilled staff, companies often outsource their security testing to external consultants. While this is a very good solution to meet the lack of skilled internal staff outside consultancy introduces additional problems. The principal problems are consultancy costs and the scheduling of scarce consultant’s time to meet customer requirements. For example, imagine that an urgent update is required for an application. The decision to make the update is decided on Friday with programmers doing the development on Saturday with a business requirement to update the web site with the new update on the Sunday. The business would like web application security tests conducted on Saturday night with immediate access to the test reports. This will enable vulnerabilities to be identified followed by remedial code changes, (requiring another cycle of web application security tests), so that the Sunday "go-live" date can be kept. Clearly, no consultancy will be able to guarantee to a customer that it will be able to provide consultancy resources at such short notice.

This leaves the customer with two choices; launch on Sunday and risk application hacks or alternatively delay for weeks until the security consultancy has resources available, with consequent loss of business.

There is an alternative option, Vanguard Brand Protection Managed Services.

Vanguard Brand Protection Managed Services

Vanguard Brand Protection provides its customers with a managed web security application testing service that works as follows:

• Customers of our managed service log in to our secure Area web site by clicking on "Customer Secure Area" to initiate an automated web application security test against a set of application URLs on domains that the customer has previously registered with us. Customers can initiate web automated application security tests at anytime without any advance warning. The customer’s secured area contains all the application test scripts and parameters for each of the customers' web applications. This information would have been gathered as part of the managed service registration process.
   
• The results from each automated web test will be available in each customer’s Secure area immediately on test completion. This will enable customers to have immediate access to test results, make remedial code modifications and then re-test the application. Customers will also have access to SecureWebOnline consultants who can provide additional expert interpretation of test results.

Customer Benefits from Vanguard Brand Protection Managed Services

Customers of our Managed Service will have the following benefits:

• Faster implementation and ROI – Vanguard Brand Protection remote web security testing services allows your business to focus on web application development and deployment, and because the costs associated with in-house test implementation, training, set-up, and security testing software purchases are not required, these services can provide you a rapid ROI;
   
• You Retain Control of the Testing Process – by providing an on-demand remote security testing service, you will be able to request remote security tests of your web applications at any time, without the costs associated with developing and retaining an in-house web application security testing infrastructure.  Our on-demand test service means that you retain control of the security testing process, you will no longer have to “fit in” with the available man-power resources of an external consultancy;
   
• Brand Protection – by providing an on-demand remote web application security testing service, your web sites will be tested to evaluate the level of security that has been implemented to protect your brand.  Protection of your brand is essential if long-term loyalty of your customers is to be maintained;
   
• Cut costs – by using Vanguard Brand Protection’s expertise in automated Web Application Security Testing you shorten the time to market, thus gaining considerable cost savings over laborious manual methods.   Furthermore since the incremental cost of requesting an additional remote test “burn” is low, web applications can undergo multiple security tests at all stages of their development and deployment lifecycle;
   
• Gaining an objective opinion –Vanguard Brand Protection’s consultants driving the security tests to your web site may uncover security vulnerabilities not exposed by an internal testing team by executing different test scenarios or by looking at common web application security problems that they have seen in previous engagements;
   
• Vanguard Brand Protection expertise - by using our remote web application security services the expertise that we have gained from previous engagements will help you to determine the areas within your applications where security can be most effectively implemented.