A cyber security acquisition can be a great deal for investors, but what about users? Here’s what to do if your application security tool has been acquired.
You spend a large sum on your application security testing tool. You roll out an application security testing program across your organization. Then one fine day, you learn that the vendor or the tool you’ve been using has been acquired. Now what?
Mergers and acquisitions bring a lot of uncertainty for customers. Personnel may change; terms of service may change. That shiny new feature that your vendor promised to implement in the next release may be in jeopardy. Not only that, but the product itself may be end-of-lifed!
If you’re running an application security program for a government agency, things may get even more complicated after a cyber security acquisition. What if your tool gets acquired by an offshore company? After all, we’re talking about potentially giving a foreign-located vendor access to vulnerabilities in your applications. Do you trust the vendor and their personnel to perform security testing on applications that handle sensitive or classified information?
If you find yourself in a sticky situation related to a cyber security merger or acquisition, follow these simple steps:
Synopsys offers a wide array of market-leading application security testing tools and services to meet all your application security testing needs. We offer Coverity for static analysis, Black Duck for software composition analysis, Defensics for protocol fuzzing, Seeker for interactive application security testing, and Security Testing Services for a plethora of application security testing services.
Since we offer more application security testing solutions than I can cover in one blog post, I’d like to introduce you to Seeker, which is the tool of choice for any organization looking for an efficient dynamic security testing solution. If the future of your AppSec tool is uncertain following a cyber security acquisition, you should seriously consider Seeker. Here’s why:
Seeker converts your functional tests into security tests. All you need to do is install a Seeker agent on your application. The Seeker agent monitors application behavior and reports vulnerabilities. There’s no need to perform security testing separately; Seeker does it for you while your QA team is testing your application.
Seeker also performs software composition analysis and reports vulnerable open source and third-party components in your application, something that traditional DAST tools do not do.
Seeker is the only AppSec tool that can track and detect sensitive-data leakage based on both value and name patterns. This capability allows you to accurately detect sensitive-data leakage in your application.
Does your DAST tool report a lot of false positives? Are you wasting precious resources chasing them? If so, then you need to try Seeker. Seeker has a unique patented verification engine that automatically verifies vulnerabilities in real time to filter out false positives.
Since Seeker is based on instrumentation technology, it can provide the full context of vulnerabilities. Code location (line number and file name) and runtime context (request and response) make it easy to remediate vulnerabilities.
Seeker provides contextual training through integrated eLearning, which allows developers to get just-in-time training on vulnerabilities and remediate them quickly.
If your AppSec tool or vendor has been acquired, you’re faced with an important decision. You may have to find a new vendor so you can comply with regulations or meet your customers’ requirements. Or you may want to find a new tool to meet your own needs. Either way, a cyber security acquisition can be a golden opportunity for you to find better options.
To learn more about Seeker, watch our webinar on IAST, or read our Q&A about IAST.
Asma Zubair is a seasoned product leader with extensive experience managing and launching products and services in the application security and application protection space. At Synopsys, Asma manages Seeker, the industry’s first IAST solution with active verification and sensitive-data tracking for web-based applications. Prior to Synopsys, Asma led teams at WhiteHat Security, The Find (Facebook), and Yahoo!. Asma holds a degree in electrical engineering from IIT in India and an MBA from UC Berkeley’s Haas School of Business.