A complete, self-developed "service + tool + platform" scheme covering the whole SDL process. Threat modeling based on business scenarios, static application security testing, interactive security testing, and routine security operations give it an advantageous position in market competition.
Most security vulnerabilities occur at the application level
NIST has published data showing that 75 percent of security vulnerabilities occur at the application layer, rather than the network layer as previously thought, which points to a software security problem.

Software faces huge bug-fix costs after it goes live
Serious security problems that frequently surface after software is released, or even while it is in operation, not only generate huge public relations and vulnerability repair costs for software publishers but also do great damage to their brand reputation and credibility.

False positives are the key pain point of R&D security construction
False positives in existing commercial R&D security tools are a key pain point in building R&D security. Their direct result is resistance from front-line R&D personnel to putting security into practice.

Personal information protection legislation continues to heat up
The EU's GDPR, PCI DSS, the Personal Information Protection Law and other laws are increasingly strict. Violations not only cause economic losses through penalties but also damage brand image and corporate reputation. Application software is an important carrier of personal information, covering its collection, storage, processing, dissemination and other processes, and is therefore where information disclosure risk is concentrated.

Service
Pervasive empowerment; targeted empowerment; regular security consulting; on-site security service.

Process
Requirements and architecture phase: threat modeling based on business scenarios
Software coding phase: static application security testing
Software testing phase: interactive security testing
Online phase: routine security operations

Platform
A unified platform displays and manages the detection results of the tools involved in each phase in one place. This makes it convenient for users to close the loop on security issues, discover high-frequency security blind spots and compile quantitative security statistics.

Zero-threshold, imperceptible security testing
The industry's first zero-threshold, imperceptible security intervention scheme: it does not change the original work process, does not add to the workload of the personnel involved and does not change the way they work, so that security is put into practice more effectively.

Unified go-live detection process
Establish a unified pre-delivery detection process and set a red-line rule requiring each delivered project to pass the unified security test of the Jingan Technology SDL solution with no specific medium- or high-risk vulnerabilities, so that the enterprise builds its own unified go-live detection process and vulnerability control.

Low false positives, high detection
Through a stepwise detection scheme, the most suitable detection methods and optimal detection rules are applied at the different stages of research and development, ensuring that only real vulnerabilities are detected in each phase.

China's first automated detection scheme for logic vulnerabilities
Automated security detection of horizontal and vertical privilege escalation, fixed CAPTCHA and other logic vulnerabilities, effectively solving the difficulty of detecting this class of vulnerability.

Standardized vulnerability regression process
Through the one-click regression test function, the attack code recorded when the vulnerability was detected is used to run the attack test again, truly confirming the repair status of the vulnerability and preventing vulnerabilities that were only "circumvented" from escaping detection and being carried over into production.

Help enterprises build independent R&D security capabilities
Build up the enterprise's own security capability: private deployment of every part of the scheme, together with routine security consulting and empowerment, genuinely improves the enterprise's own security capability, gradually reduces dependence on third-party security services and significantly reduces costs.
Using the self-built Jingan Technology SDL program, enterprises can deliver security capability externally as a value-added output, expanding the program's beneficiaries and achieving a win-win situation for all parties.
For outsourced development delivery projects, red-line requirements can be set to ensure that delivery tests must be conducted in specific functional testing environments before delivery, so as to effectively achieve delivery quality control of outsourced development.
Through plug-ins and open API connections, the Jingan Technology SDL solution can connect seamlessly with the existing DevOps process framework and ultimately realize the upgrade from DevOps to DevSecOps, effectively improving security capability in the automation process.
Company Name: Shanghai Jingan Information Technology Co., LTD
Email: info@easmcn.com