Solutions Partners - Vanguard Technologies
Vanguard Technologies of Dublin, Ireland with offices in London, England was formed to focus on reducing the risk their clients face in doing business Online. Two divisions have been formed to achieve this.
The first of these divisions provides a Managed Remote Web Application Security Testing Service. The company's mission is to enable its customers to improve the quality of their web applications, and protect their brand from security threats aimed at the application.
The other division is a neutral third party consultancy group, working specifically in risk reduction within its clients e-Commerce and Network infrastructure.
Typically software developers in the E-Commerce environment are under such intense pressure to develop and deploy web applications that effective security testing has been, hitherto, impossible to implement. Project managers can now out-source the security testing of their web applications to Vanguard Technologies, whilst still keeping control of the testing process.
Vanguard Technology Consultants are accustomed to working within big business environments, and its senior staff have been providing consultancy services to major UK Banks and Financial houses for the past 20 years. This experience, plus the knowledge accumulated from using tools that have performed over 300 Web Application Security Audits World Wide, bring an unrivalled capability to the UK and European e-Commerce market place.
Vanguard Technologies markets its Security and Managed Remote Web Application security testing service under the brand of SecureWebOnline ( www.securewebonline.com )
SERVICES
The SecureWebOnline Remote Application Security Testing Managed
Service
The integrity of your corporate web site is critical for the
protection of your corporate brand confidential information
and financial assets. To this end most companies have implemented
a broad array of defenses, including firewalls, intrusion
detection systems, anti-virus and encryption controls.
However your web applications behind your firewalls are essentially
wide-open targets to hackers that will initiate hacking attempts
at the application level. Firewall systems, intrusion detection
systems, PKI and encryption offer no protection against application
level attacks.
Developers deal with deadlines and time-to-market issues every day. Security is often secondary to getting a product to market on time. Security loopholes in a Web application are a fact of life and software always has bugs. Through these loopholes, your digital business assets are exposed to intruders. The problem grows with time as applications are changed, improved, and integrated with more third-party products. Intruders can gain access to private customer information, manipulate money, steal sensitive business data, expose partners and trade secrets, impersonate a customer, deface or even shut down the site.
Current Solutions and Disadvantages
Until recently there were no tools that could assist in identifying
application security vulnerabilities. However a number of
tools are now available that assist in the identification
of web application security vulnerabilities and companies
now have two options available:
- Customers can acquire web application security testing tools, however they will have to train and retain expensive staff to use the newly available tools. Further, rapid time scales means that security tests often need to be conducted at non-social hours or at week-ends if "go-live" targets are to be met. Very often the trained security application testers are not available for non-social working.
- To avoid the requirement to employ skilled staff, companies often outsource their security testing to external consultants. While this is a very good solution to meet the lack of skilled internal staff outside consultancy introduces additional problems. The principal problems are consultancy costs and the scheduling of scarce consultant's time to meet customer requirements. For example, imagine that an urgent update is required for an application. The decision to make the update is decided on Friday with programmers doing the development on Saturday with a business requirement to update the web site with the new update on the Sunday. The business would like web application security tests conducted on Saturday night with immediate access to the test reports. This will enable vulnerabilities to be identified followed by remedial code changes, (requiring another cycle of web application security tests), so that the Sunday "go-live" date can be kept. Clearly, no consultancy will be able to guarantee to a customer that it will be able to provide consultancy resources at such short notice.
This leaves the customer with two choices; launch on Sunday and risk application hacks or alternatively delay for weeks until the security consultancy has resources available, with consequent loss of business.
There is an alternative option, SecureWebOnline Managed Service.
SecureWebOnline Web Applications
Security Managed Service
SecureWebOnline provides its customers with a managed web
security application testing service that works as follows:
- Customers of our managed service log in to our secure Area web site by clicking on "Customer Secure Area" to initiate an automated web application security test against a set of application URLs on domains that the customer has previously registered with us. Customers can initiate web automated application security tests at anytime without any advance warning. The customer's secured area contains all the application test scripts and parameters for each of the customers' web applications. This information would have been gathered as part of the managed service registration process.
- The results from each automated web test will be available in each customer's Secure Area immediately on test completion. This will enable customers to have immediate access to test results, make remedial code modifications and then re-test the application. Customers will also have access to SecureWebOnline consultants who can provide additional expert interpretation of test results.
Customer Benefits from SecureWebOnline
Managed Service
Customers of our Managed Service will have the following benefits:
- Faster implementation and ROI - SecureWebOnline remote web security testing services allows your business to focus on web application development and deployment, and because the costs associated with in-house test implementation, training, set-up, and security testing software purchases are not required, these services can provide you a rapid ROI;
- You Retain Control of the Testing Process - by providing an on-demand remote security testing service, you will be able to request remote security tests of your web applications at any time, without the costs associated with developing and retaining an in-house web application security testing infrastructure. Our on-demand test service means that you retain control of the security testing process, you will no longer have to "fit in" with the available man-power resources of an external consultancy;
- Brand Protection - by providing an on-demand remote web application security testing service, your web sites will be tested to evaluate the level of security that has been implemented to protect your brand. Protection of your brand is essential if long-term loyalty of your customers is to be maintained;
- Cut costs - by using SecureWebOnline's expertise in automated Web Application Security Testing you shorten the time to market, thus gaining considerable cost savings over laborious manual methods. Furthermore since the incremental cost of requesting an additional remote test "burn" is low, web applications can undergo multiple security tests at all stages of their development and deployment lifecycle;
- Gaining an objective opinion - SecureWebOnline's consultants driving the security tests to your web site may uncover security vulnerabilities not exposed by an internal testing team by executing different test scenarios or by looking at common web application security problems that they have seen in previous engagements;
- SecureWebOnline expertise - by using our remote web application
security services the expertise that we have gained from
previous engagements will help you to determine the areas
within your applications where security can be most effectively
implemented
More information is available at www.vanguard-technologies.com
More information is available at www.vanguard-technologies.com
