Technical debt creeps into projects in many ways, and sometimes security is just an afterthought in an industry that moves fast. The trouble is when that comes back to bite you – the impact could be huge.
VDA Labs is a trusted partner, and we’re comfortable working all across the Secure Development Lifecycle: training, architectural and API review, expert security testing, triaging, and more. As more and more companies move to a CI/CD model, let us help you choose, integrate, and manage the right security testing tools and processes.
Good security starts with a good design. Glazing security on afterwards is a mistake from the ’90s. VDA will review your product architecture and specifications to make sure the project is moving in the right direction.
Corrections here will save significant cost, compared to later findings.
CODE and COMPONENT ANALYSIS
Software is assembled as much as written these days. Are the components safe, correctly licensed, and up-to-date? We’ll check. VDA will also check the security of the code. We use a combination of open source and commercial tools to scan for bugs. We then dig deeper using manual code audits to find those subtle bugs automation will never find. VDA will also help you tune against FPs (false positives) if you sign up for our AaaS.
For runtime/DAST (Dynamic Application Security Testing) on natively compiled code (C/C++) we’ll do fuzzing. We literally wrote the book on fuzzing. For web applications and mobile we use other scanning tools, including a new REST API scanner we’re partnering with Microsoft on. For any code type, a combination of manual and automated pentesting – with tools like Burp used by experts – is required to drill past what automated tools alone can find. In short, we’ll find those hard-to-reach bugs.