Application Security

Cert2Connect has a strong focus on application security, also known as AppSec. Not surprising when you consider that many, if not most, weaknesses arise in application development. This focus is reflected in much of our support for companies and organizations. We have developed a broad offering for the security of applications.

For application security, we frequently offer solutions to discover vulnerabilities as early as possible during the development process before a software release goes to production. And operationally fully integrable within SDLC and DevOps. In addition, Application Security Posture Management (ASPM), an agile AppSec delivery model in which resources , processes and technologies are effectively employed to lead a high performance and systemic- yet sustainable AppSec program.

Solution

Checkmarx

The world runs on code. We secure it.

Checkmarx One is fast and accurate. It aligns perfectly with DevOps processes and educates developers in secure coding and security awareness.

Solution

Bright

A platform for - developer first - Dynamic Application Security Testing (DAST), built specifically for software developers.

Solution

Reflectiz

Reflectiz

3rd party apps risk management of your (e-commerce) website. Having control over all code of the website as it runs in the visitor's browser. No more blind spots!

Main Security Features

In short, with our SAST, SCA/SCS, DAST, IaC, and API Security testing solutions, vulnerabilities are checked throughout the SDLC. A better security-by-design is hardly imaginable. And with Reflectiz's continuous monitoring on the production side for potential vulnerabilities in third party apps/scripts, your application security is in tip-top shape.

In cyber security, everything is interrelated. Therefore, the tools and security software we deploy overlap certain services and services. Our portfolio is composed in such a way that it covers cyber security across the whole range.

Checkmarx is at the beginning of the software development lifecycle (SDLC), offering real shift left to devevopers. One of the modules of this tool checks the uncompiled code, and others check the dependencies with the different open source packages used, the API security or IaC applied in cloud-native environment.

Checkmarx has developed Fusion, to provide advanced correlation in MAD environments. Resolving the inefficiency of manual correlation and the deficiency of alternate solutions that merely aggregate results,

Bright is a platform for Dynamic Application Security Testing (DAST) and focuses on things further down the SDLC. Specifically for developers, it analyzes web applications through simulated attacks.

Unlike Checkmarx, the code itself is not checked. The check can only be done later in the development process, after compilation and build of the application. Nevertheless, you can still process the results during the development phase.

Reflectiz checks the 3rd, 4th and 5th party scripts on the production side. After the automated SAST and DAST checks, Reflectiz checks whether what looks so good in theory, also works in practice.

Are there no weak spots in that supply chain that are only now emerging? Reflectiz automatically checks the scripts in a browser such as those of your visitors. So if a script that always goes to Google.nl suddenly follows the route to an address on the dark web, the tool sounds the alarm.

Application Security Blog

Blog Page

Alles wat je moet weten over webskimming-aanvallen

Alles wat je moet weten over webskimming-aanvallen

Web skimming, ook bekend als digital skimming, is een hacktechniek die zich richt op digitale bedrijven door niet-gecontroleerde en gecompromitteerde webapplicaties aan de browserzijde te manipuleren. Meestal worden deze aanvallen geïnitieerd door kwaadaardige JavaScript-code (JS) strategisch op betaal- en afrekenpagina's van de website te plaatsen en waar nietsvermoedende gebruikers hun persoonlijke en financiële gegevens invullen. Hoewel ze vaak te vinden zijn op eCommerce-websites, worden tegenwoordig ook banken, financiële dienstverleners, gezondheidszorg, toerisme en andere eService-platforms aangevallen.

Focus Supply Chain Security

AST: Continuous Visibility on Modern Application Development Security Risks

AST: Continuous Visibility on Modern Application Development Security Risks Wat is Modern Application Development? (MAD) In het nieuwe tijdperk van softwareontwikkeling kunt u zich voorstellen...

Focus Application Security