Looking to integrate security testing into your SDLC?
Secure Ideas offers testing credits used to schedule on-demand testing by our security consultants. These web security assessments are designed to quickly respond to your development processes and assist in building out secure applications and APIs.
Embedding Security Into the SDLC
Shifting left is critical to the continued security in organizations. Most development is made better by moving security earlier in the process. But the traditional penetration testing of web applications and APIs doesn't fit well in the earlier stages of the software development lifecycle(SDLC).
Secure Ideas has created a process of testing credits to help solve these issues (especially when paired with SASTA). An organization can purchase credits to use over the next 24 months. Combined with a self-scoping system, these credits allow an organization to work with Secure Ideas within their development processes. The testing credits can be used for:
- Web Applications
- RESTFul APIs
- Phone Systems
- Cloud-based Applications
Once the credits are purchased, Secure Ideas works with the organization to embed the testing into the current processes. Most, if not all, of the testing associated with credits can start within 1-2 business days from the initial request. The client then receives the report as rapidly as possible.
Secure Ideas offers a discount table based on the number of credits purchased. This table outlines the discounts:
Discount per Credits Purchased
Each pre-purchased credit is approximately one day of testing effort and is part of embedding the testing within the client organization's processes, such as their SDLC. The discounts offered for volume purchases and adding on the SASTA program are described in greater detail within the Prepaid Credit Guide Knowledge Center article.
SASTA + TESTING CREDITS
per 5 credits purchased
- SDLC Embed
- Rapid Scheduling
- Includes additional webinar attendees*
- SDLC Embed
- Rapid Scheduling
- OWASP® Top 10 Testing
- Retesting Included
Our Engagement Process
To enable us to embed our testing as efficiently as possible, we have created a unique process for our pre-purchased testing credits. Our engagement process is as follows:
- Scoping: Secure Ideas provides a self-scoping document to any pre-purchased test credit client. Using this document, the client is able to determine the number of credits necessary for the testing.
- Scheduling: Once you have scoped the work, we work with you to find a mutually agreeable time to perform the test. This scheduling typically happens within 1-2 business days.
- Testing: We begin testing. During the testing, we work with the client (typically via our Advisory Slack Workspace) to explain any findings and issues found during the test.
- Delivery: After the testing is complete, we provide the report to the client. This will cover any findings discussed during testing, as well as any other findings found. If you need a letter of attestation, then we can provide that to you, as well.
- Retesting: If you remediate items from a test we performed, we are happy to test the changes to make sure they have been properly executed.