Security Testing Services
According to Gartner, 75 percent of all cyber-attacks occur through web applications. A study conducted by Aberdeen Group, involving over 150 organizations, says that the average cost of remediating a single application security incident is approximately US$300,000. Furthermore, in a survey of IT and security professionals conducted by Check Point, 42 percent of companies said that a mobile security incident costs them over US$250,000. The penalties for not being PCI DSS compliant range from US$5,000 to US$500,000, with the fines being levied by banks and credit card institutions. Given these figures, cyber security is obviously a major concern for organizations, and getting it wrong can burn a large hole through their pockets.
NASSCOM claims that the current share of cyber security is US$1.5 billion and that this figure is likely to grow to US$35 billion by 2025. The worldwide cybersecurity market size (as per Gartner) will touch US$170 billion by 2020. Nearly 1,000 startups will emerge in the security domain over the next 10 years.
The application security testing market size will reach US$4.96 billion by 2019 while the mobile security market could reach US$34.8 billion by 2020. Some of the top breaches we have witnessed over the last three years include cyber-attacks on Sony Pictures, eBay, Target, a Bitcoin bank, Natural Grocers, Apple, Anthem, Home Depot, JP Morgan Chase, Heartland, the US Military and Ashley Madison.
Application security testing
Application security testing is an approach to validate security requirements and uncover vulnerabilities in an application (web / mobile / thick client / web services) and its associated components, by performing static and dynamic security testing. Security testing is becoming a crucial validation activity. It cuts across the lines of business (LOB), enterprise testing, and shared services. Thus, chief information security officers (CISOs) and several information security groups are looking to add security testing as a new service line.
Infosys security testing offerings
We provide best-in-class solutions for a wide range of security testing requirements. Our Testing Center of Excellence blends experience and expertise that helps us deliver tangible value to clients. Our portfolio of offerings includes:
- Web application security testing (Secure code analysis, penetration testing, vulnerability management)
- Mobile security testing (Mobile web, native and hybrid apps)
- Wearables security testing
- Infrastructure security testing
- Secure software development life cycle (SDLC) integration and security training
- Integration and customization of security testing services as part of the Testing Center of Excellence (TCoE) / enterprise testing services
- Data security validation and role-based authentication and authorization testing
- Web services / API security testing
- PCI DSS compliance security testing
- Social engineering attacks security testing
The Infosys advantage
- A wide range of solutions and technology accelerators that include:
- Trusted application development and maintenance (TADM) framework for secure SDLC
- Application security assessment tool (ASAT)
- Threat intelligence tool (Threat analyzer, attacks analyzer)
- Mobile application security framework (iMSF)
- Security testing automation using commercial and open source tools
- Automated mobile penetration testing – Infosys Android Pen test tool
- Data privacy and data masking tool (iEDPS tool)
- Emerging technologies security testing (IoT, big data)
Infosys zero distance to security
- Security to everyone by making security affordable and easy to adapt (reusable artifacts, evangelization sessions, playbooks and roadshows)
- Cloud-based security testing services
- Gamification of security awareness and training
- Security workshops and seminars at client locations
Experience and expertise
- On-demand security testing, managed security testing services, and security testing CoE setup
- Over 120 successful implementations. We currently offer security testing services to more than 25 clients in North America, Europe, and the APAC regions
- Over 90 trained / certified security engineers, including CEH, SANS GPEN, and CISSP & CISA
- Collaboration, research, and papers presented at top security conferences like Nullcon and IEEE
- Collaboration with iCETS Security CoE team, IIITs, security product companies (like Checkmarx) and alliances with leading vendors like HP, RSA, IBM, Symantec and CA.
Infosys Center of Emerging Technology Solution (iCETS) security CoE
- The security center of excellence (SCoE) was established to drive innovations in the security domain and develop secure SDLC frameworks for building security applications, alongside improving security assurance effectiveness and productivity through the creation of tools and accelerators and by leveraging iCETS SCoE solutions, IPs, and patents as differentiators.
iCETS SCoE works on cutting edge technologies in mobile security, wearables security, IoT security, document security, digital signatures, PKI, strong authentication, and data privacy protection.