NEW YORK, July 1, 2014 – Last week at Gartner’s 2014 Security & Risk Management Summit, analysts discussed trends in information security technologies. Neil MacDonald, Vice President & Gartner Fellow, stated that IAST (Interactive Application Security Testing) is one of the top 10 technologies in information security: emerging technologies that are going to have an impact on the market in 2014 and beyond, and transform people, process and technology.
Organizations are moving to Agile development, continuous integration and automation to keep up with growing user demands. With all business conducted online, attacks on applications are increasing in frequency and sophistication. To stop attackers, applications must be tested and secured, and security must become Agile, continuous and automated.
Interactive Application Security Testing, pioneered by Quotium in 2011, has changed the way organizations are securing their software code.
“It is the first time that application security can be done in a truly automated way, requiring no human intervention or security expertise,” says Ofer Maor, CTO for Quotium. He adds, “Unlike traditional technologies (such as SAST or DAST), IAST technology ties vulnerable code to business impacts, providing an immediate view of risks. It pinpoints real vulnerabilities with no false positives and gives immediate, focused code remediations. This makes IAST a strong technology that truly integrates security into continuous integration and test automation as part of the software development lifecycle.”
Later in the summit, Joseph Feiman, Vice President & Gartner Fellow, reemphasized the importance of IAST technology in improving on the accuracy of traditional technologies. In his talk on Application and Data Security Roadmap, Feiman named IAST as a breakthrough technology, and urged organizations to start evaluating and deploying IAST solutions.
Quotium’s Seeker, which pioneered IAST and is the only IAST product today with broad technology support, clearly shows why this technology is changing how application security takes place.
Most application attacks are not about defacement or taking a server offline; they are about targeting the sensitive data these applications handle. IAST technology gives context awareness, allowing organizations to prioritize by risk level, as opposed to prioritizing different vulnerabilities without the ability to assess their impacts. Seeker looks at vulnerabilities in the context of user data in the application. It understands how sensitive data are handled and uses this context information to assess the real risk of vulnerabilities.
Seeker allows organizations to create code which hackers cannot abuse to gain access to their most critical data. It seamlessly integrates security into the development lifecycle, in a fully automated manner, running as part of continuous integration and within the existing R&D workflow. This enables organizations to secure their code with minimal effort, reducing both cost and risk.
Quotium helps businesses protect data and reduces application risk. Quotium provides automated technologies to make business applications secure and robust while delivering application security that is better, faster and more accurate than other offers on the market. For organizations that are looking for a way to embed application security in the software lifecycle, our expertise and offerings provide efficient and effective vulnerability detection in an easy to use solution.