Posted by Synopsys Editorial Team on February 1, 2017
The Total Economic Impact™ Of Seeker®-Interactive Application Security Testing (IAST) by Synopsys, a December 2016 commissioned study conducted by Forrester Consulting on behalf of Synopsys, examines the potential return on investment (ROI) that enterprises may realize by deploying Seeker. The study provides readers with a framework to:
To better understand the benefits, costs, and risks associated with Seeker implementation, Forrester interviewed an existing customer with multiple years of experience using Seeker.
Seeker is an interactive application security testing (IAST) solution from Synopsys. It enables companies to reduce the risk of application-layer attacks with an automated approach that fits into the software development life cycle (SDLC) and Agile methodology.
Before Seeker, customers relied exclusively on an external security consultant to perform manual penetration testing post-production. This often resulted in up to two weeks of work for developers and testers to remediate vulnerabilities, increasing the cost of remediation and impeding the Agile development process.
With Seeker, developers within the organization can test during development. This better supports the Agile approach while decreasing costs.
An interview with an existing Seeker customer (along with subsequent financial analysis) found that their organization experienced:
The organization interviewed for the study found that the average time required to remediate a security vulnerability was reduced from 20 hours to around 3 hours. Because Seeker provides interactive tutorials and videos explaining how to fix errors, remediation takes less time than with previous testing methods.
While most automated testing tools have a significant false positive rate (some up to 80%), Seeker has a zero false positive rate. Every error reported by Seeker is guaranteed to be an actual vulnerability requiring remediation. This reduces the time developers spend determining if a detected error is, in fact, a true error.