
In recent years, DevOps has skyrocketed in popularity as a way to enable speedy development and delivery of cloud-based applications.
However, legacy software security tools have failed to keep pace, and are consequently regarded as a bottleneck to the rapid development process that DevOps facilitates.
At Prolifics Testing, we believe in Continuous Application Security. Within Agile and DevOps environments, security platforms have to analyse and protect software during runtime, and throughout the entire lifecycle.
This approach is known as DevSecOps.
By integrating security testing into the CI/CD pipeline, you can expect application security to be maintained despite frequent releases. In accordance with Shift Left practices, testing is prioritised to prevent defects early in the lifecycle, dramatically reducing risk and speeding up delivery going forward.
Quality Fusion
One of the tools we use to accomplish DevSecOps is our Test Automation PaaS, Quality Fusion (QF).
QF is a containerised and cloud-based platform that uses Open Source components and embedded AI capabilities to automate test design, data, execution and analytics. It brings together multiple solutions on one test platform that users can harness ‘straight out of the box’ to automate security tests.
The best part: QF is free to use in conjunction with any of our Automated Security Testing services.
Quality Fusion enables codeless test automation, so everyone from ordinary business users to experienced DevTesters can use it. Testing becomes a priority throughout the company, with automated tests being run as part of each and every build. Through QF, your organisation can begin the journey to DevSecOps.
Security Testing Accelerator
As well as Quality Fusion, we offer a specialist Security Testing Accelerator free of charge with our Automated Security Testing service. This Accelerator has been purposely built to detect serious security vulnerabilities and threats that often go unnoticed.
Our Accelerator is designed to detect the risks in the Open Web Application Security Project (OWASP) Top Ten, the most critical security risks to web applications:
- Injection
- Broken authentication
- Sensitive data exposure
- XML External Entities (XXE)
- Broken access control
- Security misconfigurations
- Cross-Site Scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
At the touch of a button, the Accelerator automatically scans the application, identifies any security vulnerabilities, and produces a report with remediation steps to avoid security breaches. It also reduces the need for costly security experts, who often undertake lengthy and complex analysis.
In addition, our staff security clearance process conforms to the BS7858:2012 Code of Practice for individuals employed in a security environment, and we hold Government security clearance up to Security Clearance (SC) level.