Strategic Application Security Testing & Advisory

Secure Ideas has developed a strategic program comprised of ongoing training and access to expertise.  This model is similar to a traditional trades-person apprenticeship program, mixing on-the-job training and structured study.  Secure Ideas calls this program the Strategic Application Security Testing and Advisory (SASTA) service, and it is built around a set of resources and activities designed to provide ongoing support to grow expertise within organizations.

Sasta_1-1-01-01

The Problem with most other Training

Today's business environment is faced with ever-increasing challenges to meet regulatory and shareholder expectations for securing applications despite a significant shortage of available cyber-security talent in the workforce.  The typical approach to application security training is very tactical in nature, and serves only as an introduction.

Components

Training, Advisory, and Assistance are the three main components of the Strategic Application Security Testing & Advisory service.  Each of these components offers a variety of channels to facilitate the growth of your team's application security expertise.
kevin talk wwhf
Sasta_1-1-01

The Training Component

Online Training:
Members get access to all of the web application security content recorded in our learning management system at training.secureideas.com.  This includes full-length training, and shorter webcasts and workshops.

Tactical Learning:
Secure Ideas will supplement recorded training with one-on-one or small-group training sessions to cover concepts and tools in more detail.  These sessions can be scheduled to run from 30 minutes to two hours depending on the topics to be covered. Sessions covering general topics may be recorded and added to the LMS for other SASTA members. These sessions will be conducted at least six times each year.
Get a Quote
Advisory
Sasta_1-1-01

The Advisory Component

Expert Advice:
SASTA members get a direct line to application security expertise through online chat (e.g. Slack).  This channel is intended to provide quick expert answers to simple scenarios and advice such as risk-ranking or verbiage of findings.  Secure Ideas monitors this channel during business hours.

Consulting:
Secure Ideas provides SASTA members with some flexible consulting time to assist with items such as providing direction in integrating security testing with the SDLC or reviewing software design and architecture to point out potential areas of interest.
Get a Quote
Assistance
Sasta_1-1-01

The Assistance Component

Live Guidance:
We want to make sure SASTA members become productive application security experts.  Whether an AppSec team member is stuck while conducting an application penetration test, a developer needs help understanding static analysis result, or any number of scenarios where they need a quick second set of eyes on something, they have the option of scheduling a 15-30 minute web meeting with a Secure Ideas expert, getting assistance through a screen-share session.

Report Review:
The report is often considered the most important part of a penetration tester's job.  SASTA therefore includes an option to have a Secure Ideas consultant review the penetration test reports that are produced by your team member, with the goal of improving the quality of their report writing. This review will consider items such as overall report format, the risk rankings of findings, accuracy of vulnerability descriptions and remediation suggestions.

WebScout
This service is the Secure Ideas solution for rapid web application penetration tests.  It consists of a hybrid manual, and automated test that is time-boxed with a priority focus on high-to-low risk items.  This is for those situations where teams are overwhelmed, understaffed, and just need someone to jump in, conduct a test, provide a report.  WebScout is an optional addition to SASTA.
Get a Quote

Testing Credits

Shifting left is critical to the continued security in organizations.  Most development is made better by moving security earlier in the process. But the traditional penetration testing of web applications and APIs doesn't fit well in the earlier stages of the software development lifecycle (SDLC).

 

Secure Ideas has created a process of testing credits to help solve these issues (especially when paired with SASTA).  An organization can purchase credits to use over the next 24 months.  Combined with a self-scoping system, these credits allow an organization to work with Secure Ideas within their development processes.

red-lock-svg-01-1
red-lock-svg-01-1
red-lock-svg-01-1
red-lock-svg-01-1

Scoping

Secure Ideas consultants will work with you to discuss the scope of your service needs.

*For additional seats for SASTA + Testing, please call us.

Service Notes of Purchase Price-range
Annually *Minimum purchase of ten (10) seats $1000 per seat
SASTA + Testing *50+ credits purchased provides free SASTA for 25 seats. 10% off (per 5 credits purchased)

Have more questions about SASTA?