Web application security for software development companies

28/07/2020

The difference between security companies that tell you what's wrong and those that work with you to make your applications more secure.

If your company has ever been penetration tested, you'll be familiar with the feeling of trepidation waiting for the results to come back. Followed swiftly by the challenge of understanding the long and often extremely technical report, and figuring out what on earth you actually need to change in order to address the issues. More often than not with the testing company accompanying the report with an expensive quote for helping you fix all these things.

We're constantly being told that cyber security is increasingly important, with the newspapers full of stories daily about high profile organisations being hacked. However the old fashioned approach to testing paraphrased above is never going to be appropriate for anybody but the largest companies.

You probably won't be surprised to hear that we believe in a completely different approach. Let's start with the basics: we think the quality of our testing is equal, if not better, than our competitors. We achieve this from continual research, membership of professional bodies, and first-hand experience of developing secure applications which are both constantly used in real world situations and frequently penetration tested.

However where we are really different is with the reports we provide. We don't simply tell you what the issues are. We explain, in detail, how to address them and, wherever possible, we do this in plain English.

In the majority of cases addressing security issues is quite straightforward, however most security companies won't tell you how - they want to protect their knowledge. We believe in the opposite - the better that people understand how to create secure systems, and the more people that know, the better protected we will all be.

And of course we're more cost effective than other companies.

This is "security testing for the masses" if you like.

By James Percy, Director, Verasseti