While using Seeker, Parkeon has identified three key benefits that demonstrate that it is the tool for them.
First, Seeker ensures that the entire system, end to end, complies with security standards such as PCI-DSS by understanding how data flows throughout the entire application. It identifies vulnerabilities in relation to their impact on sensitive data.
The data-centric approach of Seeker is a strong advantage in testing for PCI-DSS Section 6 requirements. Critical data – such as credit card information – is automatically tracked through the different components of the payment chain to verify that there are no vulnerabilities that may compromise it (such as forgotten debug data, insecure manipulation, insecure storage – even temporarily – in a file or database, insecure transmission to third parties, and so on).
Seeker gives Parkeon the ability to automatically ensure that the overall system complies with security standards at each release.
Second, Seeker facilitates communication between the test and development teams by linking vulnerabilities back to the offending source code. Unlike other dynamic testing tools, which report vulnerabilities by the offending URL, Seeker automatically ties those vulnerabilities back to the source code where the fix needs to be applied. It eliminates false positives, pinpoints the vulnerable source code and provides developers with clear remediation advice tailored to the tested application.
Parkeon is able to improve security, reduce the amount of time spent on security testing and improve communication between security and R&D:
- Developers focus their time on proven vulnerabilities and source code corrections recommended by Seeker.
- Testers have a clear view of business risks of the application tailored by OWASP Top 10 criteria, Parkeon’s corporate security standard.
And third, Seeker improves security awareness and helps train developers in more secure coding practices. Parkeon’s developers and testers are trained on the basis of OWASP Top 10, but they are not information security experts. By providing a replay of every attack, explaining the business risks and providing relevant remediation suggestions, Seeker helps their test and development teams to acquire awareness and training in an ongoing manner, thus improving the security of their code.