You are good at building software products, but you also have to make your products secure. Because your customers ask for this, because you have to comply with certification standards, and oh yes: because you want your product to be safe. You understand that there is a possibility you get hacked, and realize a hack will cost you money, reputation or even both. Perhaps you have already tried pentesting, but that’s a snapshot capture: if you work agile and deploy continuously, new vulnerabilities may slip in and go unnoticed until the next penetration test.
Therefore we created Software Security Engineer as a Service from Codian:
Codian has developed an in-house Security Review Environment which all our software security engineers use. It enables us to continuously review your code efficiently and effectively.
Any issue found by our security engineers will be communicated directly to you in your issue tracker; this can be GitLab, GitHub, Jira or anything else. Next to this, we also deliver a monthly overview report for the management team. This gives insight into the security state of your product and tracks your security progress.
Our reported vulnerabilities include one or multiple mitigation strategies. They take into account the vulnerability and your current code base. This enables your developers to follow a plan to mitigate the vulnerability. If anything is still unclear, we can help you directly from within your issue tracker.
The Codian platform can be easily connected to your repositories. From that moment on, security engineers will asynchronously analyze your source code for security issues. This will cause no change in your current development process. Finally, our security engineers need no time getting up to speed because of their years of experience analyzing source code.