informa
Products & Releases

Security Innovation Bridges Gap Between Compliance And Application Security

TeamMentor Enterprise Edition includes guidelines for developing applications in compliance with the latest version of PCI-DSS
Wilmington, Mass., – March 16, 2011 – Security Innovation today announced that it has added new, real-world knowledge and best practices to TeamMentorTM Enterprise Edition, its cloud-based (or self hosted) training product that proactively guides practitioners as they design, build and test software. The new content reflects the growing importance of application security in industry compliance requirements and best practice standards such as PCI-DSS, OWASP and CWE. TeamMentor provides practical, accurate information in one place, making it easy for organizations to map knowledge to compliance, standards, policies and other business drivers and then apply that knowledge to real-world applications.

The new TeamMentor Enterprise Edition includes guidelines for developing applications in compliance with the latest version of PCI-DSS (2.0), the actionable framework for developing robust payment card data security processes. It also includes the most up-to-date OWASP Top 10 threats and mitigations, which have become a widely recognized informal standard for Web application security. The Top 10 list is referenced in standards such as the PCI-DSS and is used as a basis for many internal security policies.

“Organizations understand the requirements they need to adhere to, but translating that into specific development actions is challenging,” said Fred Pinkett, vice president of product management, Security Innovation. “TeamMentor provides an easy way to bridge the gap between requirements like PCI-DSS, internal practices and development implementation by guiding architects, developers, testers and managers with knowledge and standards so they can proactively build security into all phases of the software development and deployment lifecycle. The result is compliance that brings with it lower costs, lower risks and data protection.”

Insecure applications are the biggest threat to data. More than 90% of data breaches occur at the application layer. As a result, regulators and industry standards bodies have dutifully added explicit and implicit security requirements as they relate to application development practices. Security Innovation has linked its knowledge of secure application development with the latest industry standards, requirements and guidelines. The new best practices include guidelines for developing with:

PCI-DSS 2.0

OWASP Top 10 Application Security Risks

Common Weakness Enumeration Top 25 Most Dangerous Software Errors

Security Innovation has also continued with its commitment to bring deep technical content to TeamMentor Enterprise Edition by adding hundreds of assets, such as in depth labs on the most popular developer technologies.

New C++ library that includes guidance to avoid making commonly exploited mistakes, such as buffer overflows, integer overflows, format string vulnerabilities, insecure error handling, various memory allocation and pointer errors, etc.

New Security Engineering library that covers the main aspects of integrating security engineering activities into the software development life-cycle.

New ASP.Net library with support for ASP.NET 4.0, the latest version of this Microsoft framework

Updated Java content

Aligning with its strategy to be the authority on application security, Security Innovation also announced today the availability of 13 new courses to its TeamProfessor Web-based training library. See press release: “Security Innovation Brings Real-world Experience to Secure Application Development.”

About Security Innovation

Security Innovation is an established leader in the application security and cryptography space. For over a decade the company has provided products, training and consulting services to help organizations build and deploy more secure systems and improve the process by which their applications are built.

Security Innovation built upon its core competencies in application security with the acquisition of NTRU CryptoSystems in 2009, a company that developed proprietary, standardized algorithms. This resulted in the strongest and fastest public key cryptography available and the means to overcome historical performance barriers that have plagued the encryption industry. With these core strengths intact, Security Innovation is in a position to help organizations protect their data at two critical points: while applications are accessing it and during transmission. The company’s flagship products include TeamProfessor, the industry’s largest library of application eLearning courses, and TeamMentor, a web-based secure development methodologies product.

Security Innovation is privately held and is headquartered in Wilmington, MA USA.

Note to Editors: Security Innovation, TeamMentor, TeamProfessor and the Security Innovation logo are trademarks of Security Innovation. All other brand names may be trademarks of their respective owners.

Contact:

Maureen Robinson

Security Innovation

(978) 694-1008 x121

[email protected]

April Corso

Lois Paul & Partners

(781) 782-5831

[email protected]

Recommended Reading: