New Service Model Designed to Enable Enterprise DevSecOps to Build a Robust Secure Development Lifecycle

Seattle, WA – May 21, 2020 – IOActive, Inc., the worldwide leader in research-fueled security services, announced today the introduction of their new Continuous Penetration Testing (CPT) services. This new style of testing is designed to address the challenge of integrating security testing into an agile development model. As many organizations have moved to Continuous Integration and Continuous Deployment (CI/CD) processes the independent validation and verifications processes have not aligned with that enhanced agility until now.

“As enterprises have embraced agile development over waterfall, they have struggled to integrate security testing throughout the process. Time and time again it has been proven that weaving security throughout the development cycle produces stronger products and costs less in the end. To be effective, penetration testing models have to evolve to better align with how enterprises approach development, deployment, and operations,” said John Sheehy, SVP of Research and Strategy at IOActive. “We’ve worked closely with our enterprise customers to refine this model to deliver the ongoing support they need to build highly secure products in an agile model.”

Understanding that ongoing testing is critical in secure product development – just as agile focuses on small sprints and changes – CPT focuses on those associated code, network, infrastructure, application, and configuration changes early, before or shortly after they go to production. The flexibility of these services is designed to provide ongoing, cost-effective testing of components as they are developed—resulting in more robust and secure products. These new services are an extension of IOActive’s suite of Secure Development Lifecyle services that include full-stack penetration testing and threat modeling, design and architecture reviews, as well as program development and management. The CPT offering is best utilized on certain parts of the technology stack such as externally-accessible web applications, mobile applications, web services, network, and IT infrastructure.

This announcement complements IOActive’s recent Pen-testing Protection Program designed to help global small businesses continue necessary penetration testing to support cybersecurity risk management—as they deal with the financial impacts imposed by the stay-at-home orders imposed to keep their communities safe. The new CPT offering is designed to support larger organizations by providing flexible penetration testing services aligned with the CI/CD model favored by DevOps teams, while providing for the cybersecurity risk management needed by the SecDevOps team. When properly employed, CPT allows organizations to engage in effective expense management as well as enhancing the cadence and agility of external penetration testing.

“Many organizations are currently facing the existential threat of a prolonged pandemic-compromised economy. Unfortunately, this is a reminder that often it’s the unexpected threats that can be the most impactful, and as organizations face the daunting task of keeping business going, we want to add new services and flexible programs to help our customers stay viable and secure. CI/CD/CPT provides organizations with an integrated agile approach consisting of agile development along with an agile, independent assessment of cybersecurity risk” Sheehy said.

As part of IOActive’s mission to make the world a safer and more secure place, new infrastructure and tools were developed and deployed to ensure the entire suite of services can be delivered remotely to allow customers to keep their teams healthier at home as long as deemed necessary.

About IOActive
IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. Our cutting-edge security teams provide highly specialized technical and programmatic services including full stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every client engagement to maximize security investments and improve client’s overall security posture and business resiliency. Founded in 1998, IOActive is headquartered in Seattle with global operations. For more information, visit ioactive.com.