To help product teams address emerging security challenges, Praetorian has created research-driven evaluation methodologies that incorporate guidance from the OWASP Application Security Verification Standard (ASVS), which normalizes the range in coverage and level of rigor applied to each application. With its 3 levels of testing rigor, 17 security control categories, and 211 defined test cases, this approach allows our team to meet your unique testing and budget goals by offering tiered pricing based on the comprehensiveness of the security review.

Techniques for uncovering vulnerabilities

• Penetration Testing
• Code analysis
• Run-time analysis
• Design analysis
• Binary analysis
• Requirements anslysis

Software development has shifted. With mass adoption in cloud and container technologies, Internet-based companies are shipping code at unprecedented speed. The new pace in which code is being pushed to production is causing security teams to reexamine how they integrate security verification into the software development lifecycle.

To meet the needs of customers adopting rapid iteration development practices, we have created a new client experience that we call Security-as-a-Service. With this service, we are transforming the way in which product security evaluations are performed. As an alternative to providing clients a security evaluation that represents a single, snapshot in time, we offer a holistic, continuous security analysis. From vulnerability identification to vulnerability remediation, we deliver a comprehensive security view into an organization’s product portfolio. Through our unified vulnerability management platform, clients can continue to leverage the trusted, in-house expertise that Praetorian has become known for while scaling up on-going testing coverage via continuous integration and leveraging machine learning vulnerability identification techniques.

Elements of automation:

• Code annotation
• Continuous integration
• Continuous delivery
• Deep learning

Praetorian is known for delivering actionable, accurate assessments that produce tangible security improvements. Many clients continue to improve their security posture by leveraging our team's security expertise throughout their full security life cycle to ensure successful mitigation and remediation. Praetorian is a collective of highly technical engineers and developers with decades of industry experience. We truly act as an extension of your team offering deep security expertise, unified through software, that helps you prioritize risk so you can successfully balance risk with time-to-market pressures.

Product security remediation services:

• Mitigation verification
• Code patching
• Vendor analysis
• Design/development

This can be accomplished using a software maturity model, such as OWASP’s Software Assurance Maturity Model (OpenSAMM), BSIMM, and Microsoft SDL. The maturity model describes a wide variety of activities in which an organization could engage to reduce security risks and increase assurance. Leveraging a maturity model is the best approach when reviewing security over the entire software development lifecycle. A maturity model is appropriate for two reasons. First, the business objectives of a company and the maturity of its software security practice will vary widely from one organization to the next. Not all organizations need to achieve the same security goals, but all organizations can measure their standing against a uniform yardstick. Second, integration almost always means changing the way an organization works—something that doesn't happen overnight. A maturity model provides a way to assess the state of an organization, prioritize changes, and demonstrate progress.