Nov 27, 2014

Security Follows Business. And That's OK.

Services evolve constantly through changes, production deployments, patches and configuration tweaks. These modifications directly or indirectly affect stability and security, so vulnerabilities might be introduced. Periodic and continuous security scans should prevent such vulnerabilities from lingering long enough for an attacker to take advantage of them.

Let's face it, security comes after business. And why shouldn't it, for most commerce systems? A security decision that goes against the business is hardly ever accepted. An operations team member may leave a known service port open on an Internet-facing service, with a default or easy-to-guess username/password, just "in order for the service to be up and running" against a strict deadline. The responsible security team or professional should continually scan the services for these types of "innocent vulnerabilities" and get them fixed.

Continuous security scan services periodically scan a target network and applications, then find and report vulnerabilities. Moreover, such a service should not just "scan and find" vulnerabilities; it also has to add manual value to the analysis by eliminating false positives, helping with prioritization and using manual audits for hard-to-find business logic and design vulnerabilities.

NormShield is the top-quality on-demand vulnerability assessment service with a virtually zero false-positive rate and an affordable price. It is easy to use but contains sophisticated web-based flows merged with critical human intelligence support.