
Posts Tagged ‘Application Security’

This video is about Trustwave Web Application Firewall by E-SPIN

Trustwave Web Application Firewall

For those who could not join us for the session, please see the summary and highlight clip of the event.

https://www.youtube.com/edit?o=U&video_id=ar5C2Efuo0I

E-SPIN recently ran a Trustwave Web Application Firewall "what's new" session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com

Read Full Post »

E-SPIN is pleased to bring the highly demanded, market-leading Veracode Application Security product portfolio licensing subscription as a cross-over with the eLearn product E-SPIN represents, in the regions where we do business, effective from 1st Jun to 30 Sep 2017.

https://goo.gl/JEHYPL


Read Full Post »

This video is an event highlight and summary of the Partner Synergy 2017 Application Security Event by E-SPIN

E-SPIN Partner Synergy 2017

For those who could not join us for the session, please see the summary and highlight clip of the event.

E-SPIN recently ran a Partner Synergy 2017 "what's new" session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com

Read Full Post »


E-SPIN partners with Security Innovation to provide access to over a hundred globally leading computer based training (CBT) courses covering Security Awareness, Application Security In Depth, and Hackathon online and network hacking simulation training, all relevant and of high quality.

We share the same goal: to provide easy access and to upgrade employee skills, knowledge, abilities and other competencies (SKAO) through computer based training (CBT). Training a workforce that will be successful today and lead the company into tomorrow is the challenge for most organisations. Computer based training provides a highly efficient, effective and flexible way to help an organisation achieve organisational learning and development.

E-SPIN joined forces with Security Innovation to accomplish this goal. Through a unique partnership, E-SPIN provides this highly demanded and relevant curriculum and expanded course offerings in a package bundled with various application security tools across the Asia Pacific region. End customers will have the chance to acquire a global industry standard application security tool together with access to highly relevant, quality training courses in one bundled package.

For more detail on the cross-over bundle, please contact the E-SPIN officer at securityinnovation@e-spincorp.com.

Read Full Post »

This video is about FortiDB Product Overview by E-SPIN

For those who could not join us for the session, please see the summary and highlight clip of the event.

E-SPIN recently ran a FortiDB "what's new" session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com

Read Full Post »

For those who could not join us for the session, please see the summary and highlight clip of the event.

E-SPIN recently ran a FortiWeb WAF "what's new" session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com

Read Full Post »


Application security testing has three core technology sets, with vendors focusing on Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST) or Interactive Application Security Testing (IAST) as the solution for their target user group.

So far, no vendor can claim that a single product addresses all three core areas; at most they will want you to buy a sister or complementary product (so it is not a single product).

To be specific, this topic focuses on Static Application Security Testing (SAST), which is heavily used by development teams.

The market has a range of offerings, both open source and commercial. Since open source depends on the user to adopt it and on self or community support, we focus on commercial tools; because they are paid tools and involve financial investment, we want to share some insight into how to choose a Static Application Security Testing (SAST) tool.

Although in recent years more and more security team personnel have become interested in SAST, most of them lack one prerequisite competency for mastering it: fundamental programming skills, whether in Java, C/C++, .Net or other languages.

A great tool appreciated by programmers and developers may or may not be the right tool for a security officer, mainly because of the core competency required to understand program code. If you do not understand the code, how can you study it and attempt to perform secure code review? By depending purely on the automated tool, with no knowledge of the programming language at all? You can imagine what the report will look like and whether the developers' questions about the report findings can be answered.

As you can see, although nowadays more and more commercial vendors market their products as cross-platform and able to cover all languages, you will notice that a real development team will not be very excited about it, since they work with only one or very few platform technologies. If you ask them to buy a SAST tool that claims to support 10 languages, it is nice to have if it is not their money. In reality they may focus on just one platform; in that scenario, a SAST tool specific to that platform will be more relevant and, more importantly, cost much less and support the platform more to the point. It is much easier to understand and use as well.

Do not get us wrong: we are not against universal static application security testing tools. They have their market appeal, and as a matter of fact we supply them too for some customer segments. We are focusing on the perspective of the development team, who need a development tool not just for static code analysis but also for functionality, load and run-time memory error testing, to ensure the quality of the application beyond application security testing alone.

Once you develop the right perspective, it becomes much easier to balance security and development team requirements. On top of that, remember the rise of application vulnerability correlation (AVC) technology. The security team can keep using their dynamic application security testing (DAST) tool and let the development team use their platform-specific, more advanced static application security testing (SAST) tool. The results are shared in the Application Vulnerability Correlation (AVC) platform, dashboard and reports to provide unified vulnerability management and a holistic view.

Another, more costly and conventional approach is to invest in an enterprise grade solution that covers end to end and to force all users to use the integrated solution.

Technology keeps advancing at a fast pace, and you will notice that purpose-built or platform-specific tools are updated and upgraded faster than integrated tools.

One last area most enterprises forget to invest in is secure code review competency training for developers or security officers. It needs to be competency specific and need not be product specific. One of the best ways to acquire it is to subscribe to computer based interactive training (CBT) developed specifically for the target competency area, such as secure code review for .Net, C/C++, Java and the rest.

If you have a case-specific question, please feel free to contact E-SPIN about your case and requirements, whether on dynamic or static application security testing tools, security testing, or a secure code review competency-based CBT training program.

Read Full Post »
