SECURITY. GUARANTEED.
“We retained AsTech Consulting to evaluate our software development processes
and to make recommendations with the goal of increasing the overall security of
applications developed in-house.”
CHIEF SECURITY OFFICER
CASE STUDY
A Growing Online Brokerage Firm Faces Application Security Challenges
BUSINESS CHALLENGE
This online brokerage has been growing organically and by acquisition, and has a substantial in-house development
organization. The company also works with a number of offshore development firms. The Chief Security Officer
recognized a need to move the enterprise up the Maturity Curve as far as application security was concerned, and to do so in
a way that would make business sense to the development organization.
THE ASTECH SOLUTION
Initially, AsTech application security experts performed a discovery process, in which we interviewed key managers and
software developers to understand the brokerage’s internal processes and business needs. What AsTech found was a
lack of standard application development practices, in part because of its geographically dispersed workforce, including
offshore, and the fact that the company had grown largely through acquisitions.
AsTech recommended a ‘Software Security Center of Excellence’ with a few key elements in its charter:
• Establish and communicate application security development standards
• Establish some level of enterprise-wide application security assessment processes
• Provide expert application security consulting services to the firm’s software development groups
To get things started, AsTech provided an interim manager for the nascent group and helped recruit the initial full-time
staff. AsTech also conducted secure development techniques training for the firm’s software development groups at
locations around the county.
AsTech also conducted comprehensive white box assessments of some of the firm’s largest and most critical applications.
The assessments provided the brokerage with a full picture of the application vulnerabilities in ways that could not be
achieved solely through the use of the automated code scanning tools which the company had purchased.
AsTech continues to regularly work with the brokerage to assess the security of its web and mobile applications.
AsTech • 71 Stevenson Street Suite 1425 • San Francisco, CA 94105 • Phone: 1-415-291-9911 • www.astechconsulting.com