Sonata Software  
 


Security Testing

 

Enterprises around the world are leveraging the Web to perform various business operations, including fostering interaction between different stakeholders such as customers, business partners and vendors.

New technology trends like Service-Oriented Architecture (SOA), cloud computing and Software as a Service (SaaS) are radically changing the way information is shared and accessed. Along with all the benefits offered by the Web, these new trends are also exposing organizations’ confidential information and business-critical logic to the external world, which might threaten their very existence.

In addition, there are several regulatory standards, such as the Federal Information Security Management Act (FISMA), Sarbanes-Oxley Act (SOX) and Payment Card Industry Data Security Standards (PCI DSS), that need to be complied with. A security breach can have far-reaching consequences for enterprises, including loss of customers, revenue, privacy compliance and credibility in the market, and hefty fines in case of non-compliance with prevalent standards like SOX and PCI DSS.

Given the capacity of hackers and their ever-increasing intelligence for breaking into applications, it is not enough to have Secure Sockets Layer (SSL), firewalls, antivirus software or some random scanning procedures to ensure the security of applications. Instead, a thorough and comprehensive Security Testing strategy, spanning the entire SDLC, must be adopted to secure applications.

It is here that Sonata can add value. We leverage our vast experience of ensuring application security and our strategic partnerships with the leading security testing tool vendors to provide end-to-end Security Testing solutions covering the entire SDLC.


Our Security Testing services are powered by a Security Testing framework along with multiple solution accelerators, which drive down the total cost of Security Testing. Our Security Testing approach is based on our “W” Model, which provides the best practices, templates, checklists and guidelines throughout the lifecycle, starting from Requirements Gathering to Production Deployment and Monitoring.

As part of its Security Testing framework, Sonata has developed an OWASP (Open Web Application Security Project) assessment framework, which covers the OWASP Top 10 Security Threats and has over 500 pre-built test cases that reduce the Security Testing cycle and costs. Sonata’s SonnetPCI framework provides a secure payment processing engine and secure credit card store, which help clients achieve PCI DSS compliance.

Sonata’s Security Testing framework clearly lays out a set of software security activities, which are aligned with the commonly used SDLC activities. The integration of these security activities, best practices, workflows and roles / responsibilities, which are based on various industry standard procedures and consortiums like OWASP and PCI DSS, helps organizations implement effective application security strategies as part of their SDLC in a seamless manner.
 

Key Business Benefits

 
Decrease in the costs associated with Security Testing
  - Up to 30% reduction in overall costs of Security Testing due to deployment of accelerators, models and best practices

Adherence to statutory compliance standards
  - PCI DSS compliance
  - OWASP compliance

Reduction in business interruptions due to secure Web applications
  - Independent validation of Web application security
  - Enhanced credibility with customers
Copyright © 2011 Sonata Software Limited. All rights reserved.