What is the Security Innovation Difference?
Rigid Hiring Process
We hire only proven application security experts with the right mix of skills: software engineering, knowledge of various technologies and application scenarios, and creative imagination. Candidates must pass multiple security challenges and produce a report that gives us a feel for each candidate’s time management, communication, testing, and remediation capabilities.
Skills Maintenance
Each Security Innovation engineer is required to keep their skills honed; therefore, 10% of their time is allocated towards professional development and research in a specific field of application security. We conduct regular internal brown-bag presentations for information sharing about new technologies, techniques, attacks, etc. Engineers have direct access to our industry’s largest application security eLearning library for structured training. Our internal wiki houses all of this rich and timely content.
You Get our Full Attention
Security Innovation doesn’t double-book our engineers on projects – ever. During an engagement, clients have the full attention of all assigned engineers and a project manager to deliver daily status for short engagements and a summary mail for longer ones.
Consistency in Findings, Remediation, and Reporting
Our methodologies have been honed for over 15 years. For each assessment, we calibrate the level of tools and expert-driven effort to customer needs to ensure we achieve the most optimized code coverage – whether that be breadth or depth. We don’t just dump results on you – our job isn’t done until knowledge about the risk, remediation, and mitigation plan has been transferred. We offer the most detailed remediation guidance for each vulnerability found, contextual to your organization and any language, platform, and framework in use.
To ensure the highest quality of deliverables, every report is reviewed by at least two engineers. Additionally, we leverage our internal portal for report development, quality control, and standards compliance. This repeatability over time increases efficiency through toolset and familiarity gains.
Full Visibility into Coverage
In addition to our Final Report, which includes every vulnerability found along with remediation guidance and reproduction steps for each, we document the exact test plan followed by the engineers. Each test case is either marked as passed or mapped to a problem report. If a test case was not performed for any reason, that reason is recorded on the test plan. The report also includes a “recommended next steps” section, which discusses any areas of further assessment that would be useful.