Company’s solution lets enterprises grow app security efforts
Application security and risk management software maker ZeroNorth is enabling enterprises to more efficiently run software and infrastructure scans and mature their application security programs.
The Lowdown: The Boston-based company recently announced that it’s putting the solution into its Rapid Application Security platform to bring open-source options for vulnerability testing in such emerging areas as container security and cloud management.
The Details: The new solution uses open-source products in the ZeroNorth platform to offer such tools as software composition analysis (OWASP Dependency Check), static application security testing (Bandit, Brakeman, and SonarQube), dynamic application security testing (OWASP ZAP), container security (Aqua, Clair, and Docker Content Trust), and cloud management (Prowler). It can also be used to supplement existing commercial offerings that lack these capabilities, according to ZeroNorth officials.
The offering scans software and infrastructure, then puts the results into a dashboard. It also coordinates management and remediation processes.
Potential use cases outlined by ZeroNorth include:
> New or maturing app security programs: The scanning abilities within the new solution will enable CIOs and CTOs to accelerate security initiatives across the developmental and operational phases of software lifecycles.
> Supply chains: The solution brings vulnerability protection for managing the risk presented by third-party software.
> Product security: The greater visibility in the software lifecycle enables development and product security teams to be more proactive when building security into their products.
The Buzz: “We see application security initiatives often slow down due to the time it takes a security team to evaluate, select, and onboard commercial scanning tools,” said Dave Howell, vice president of marketing at ZeroNorth. “With our new solution, we make it easier for organizations to begin implementing scan capabilities today, using open source, while planning for longer-term deployments of best-of-breed commercial products.”
“ZeroNorth’s solution for Rapid Application Security enables security groups to upgrade from a few vulnerability discovery activities, conducted on the riskiest business assets, to a security initiative based on orchestrated risk management that more comprehensively covers their application portfolio,” ZeroNorth CTO John Steven said.