OWASP is a great forum to share our experience of working with clients globally
Herndon, VA (PRWEB) September 5, 2008
At the inaugural OWASP Conference in Delhi on August 22nd, Paladion (operating in the US & UK as Plynt), the leader in application security testing, shared notes from the field on how enterprises are successfully testing clusters of 100-250 applications today. Drawing on Paladion's experience with Global 500 clients, Roshen Chandran, Director, Application Security Practice, shared how large enterprise security testing programs are run successfully. The cumulative experience of 55 testers doing penetration testing, application security testing and security code reviews was on display during Roshen's presentation.
Roshen picked up on the trend of leading enterprises now testing their entire range of applications, in contrast to testing a few critical applications. Five years ago, Paladion's largest application security assignment tested 20 applications in 2 months for a bank. Today, the larger projects all involve hundreds of applications with continuously shrinking timelines for completing the tests. "As more enterprises take that route, it's important to share the early lessons from the field. We need to build on what works, and learn from what didn't. Board level concerns like brand protection, customer data protection and compliance (PCI, HIPAA, ISO 27001, OCC etc.) are finding common ground in enterprise security testing programs", said Roshen.
Enterprise scale security testing programs bring in a new set of challenges, and demand innovative approaches. With limited budgets, and tight deadlines, enterprises have to innovate to meet the targets set by top management. Roshen outlined some of the strategies adopted by Paladion's clients:
1. Develop a Risk Assessment Framework for classifying and prioritizing applications
2. Define a baseline standard test for lower-risk applications
3. Streamline reporting
4. Schedule in advance
5. Manage peaks and troughs in load dynamically
After the presentation, Roshen led a 45-minute Q&A session in the packed auditorium at the India Habitat Centre in New Delhi. The questions covered a wide range, from tips for designing the risk assessment framework to ideas for streamlining security testing. "OWASP is a great forum to share our experience of working with clients globally," said Suveer Kalra, Global Head of Sales at Paladion. "The conference drew an intelligent crowd who are already sensitized to application security. Dhruv and Puneet have done a great service for the spread of application security best practices by organizing this event".
Paladion (operating in the US and UK as Plynt) is a full service information security provider; Paladion manages technology and operational risks in a continuous and holistic manner. Paladion was co-founded in 2000 by N.S. Raghavan, co-founder of Infosys Technologies Limited (INFY). With a global footprint across 16 countries and actively managing security for over 300 customers, Paladion today is the fastest growing security services firm in the Asian region. It has been ranked amongst the Top 500 Fastest Growing Technology Firms in Asia, two years in succession, by Deloitte. Paladion provides a unique technology platform and integrated services framework to actively monitor, reduce and prevent risks on a 24x7 basis. Our managed security technology has won several awards and accolades globally, including being ranked as Red Herring Top 100 Asia Finalist.