
Coveros CTO Tom Stiehm on Building Secure Software
October 31, 2011
On November 10th Tom Stiehm, Coveros CTO, will be presenting at the Better Software 2011 Conference in Orlando, FL. Tom will present 'Building Secure Applications'. Join Tom to explore real-world security controls he’s applied to commonly used application frameworks. Find out how to map security vulnerabilities to the security controls that manage those vulnerabilities and where to place those controls in your framework.
Coveros CEO Jeff Payne on Fundamentals of Agile Certification
October 3, 2011
Coveros CEO Jeff Payne will present at the STARWEST 2011 Conference in Anaheim, CA. Fundamentals of Agile Certification will present a roadmap for how to get started with agile along with practical advice. It will introduce you to agile software development concepts and teach you how to make them work. You will learn what agile is all about, why agile works, and how to effectively plan and develop software using agile principles.
Coveros announces the formation of Coveros Labs
June 23, 2011
Coveros, the market leader in the delivery of secure, reliable software, announced the formation of Coveros Labs (research.coveros.com) – a research laboratory focused on developing innovative technologies to enable secure software applications.
Coveros CEO Jeff Payne on "Balancing Agility and Security"
March 9, 2011
Coveros CEO Jeff Payne is interviewed and dives into the subject of "Balancing Agility and Security" in software.
Enterprise business process software company
Application security assessment significantly reduced security vulnerabilities of a commercially available software product.
Objective
Assess the security of a commercially available software product for our customer. The product is used by numerous non-profit organizations for business process automation. Security vulnerabilities in this software application exposed their association customers to fraud on their critical web presence used for fund-raising.
Background
A mid-sized software product company sought to improve its application security as part of an overall initiative to achieve Payment Card Industry (PCI) Security Standards Council compliance for its payment application software. The PCI Security Standards Council is a policy-setting association established and run by payment card companies. Its purpose is to assure the security of payment card processing technologies and software applications.
What we did
Performed a multi-week analysis of the software product’s conformance with the PCI Payment Application Data Security Standard (PA-DSS). Conducted an application security assessment that included both an application security test and a secure code review. The application security test focused on assessing the software product against both PCI requirements and OWASP security testing criteria. The secure code review focused on analyzing the source code for implementation defects and mapping any identified vulnerabilities to specific PCI requirements.
Results
- Identified numerous vulnerabilities in the application
- Worked with the software vendor to understand and correct these issues
- Validated that the security testing and code review conform to PCI PA-DSS requirements






