Periodic Reporting for period 1 - Probe.ly (PROBE.LY - Web Application Vulnerability Scanning Suite for Agile Teams)
Okres sprawozdawczy: 2018-04-01 do 2018-09-30
Recent history tells us that security breaches in result of successful web application attacks are among the top breaches in history. With this, millions of records of personal (and long-lived) identifiable information are exposed on the Internet and sold on the black market. The root cause of these successful attacks is vulnerabilities or security issues found in web applications. These vulnerabilities are inadvertently introduced in the code of web applications by their developers. Given the impact that such breaches have on society in general, proper and efficient security testing is paramount to increase the security of applications, the internet, and the society.
Current security testing methodologies, such as penetration testing, need to be challenged. Agile (iterative and incremental) software development methodologies have become popular and trendy, leading to more frequent releases. However, this is not compatible with penetration testing, because of the time and costs involved.
On the other hand, smaller companies don’t have the resources to hire a penetration testing service or to have an internal security team, leaving out proper security testing from their roadmap.
The solution relies on a) something more affordable and b) something that doesn’t require a lot of time from technical teams and that allows developers to be more independent when it comes to security testing. And these are Probely’s DNA.
The objectives for this SME Instrument project were to conduct a feasibility study for the aforementioned product and to study the viability of the business.
Current security testing methodologies, such as penetration testing, need to be challenged. Agile (iterative and incremental) software development methodologies have become popular and trendy, leading to more frequent releases. However, this is not compatible with penetration testing, because of the time and costs involved.
On the other hand, smaller companies don’t have the resources to hire a penetration testing service or to have an internal security team, leaving out proper security testing from their roadmap.
The solution relies on a) something more affordable and b) something that doesn’t require a lot of time from technical teams and that allows developers to be more independent when it comes to security testing. And these are Probely’s DNA.
The objectives for this SME Instrument project were to conduct a feasibility study for the aforementioned product and to study the viability of the business.
The main work conducted for this project includes a thorough Business Plan, an Operation Plan for the go-to-market and a work plan for phase 2 of the project.
The overall results showed that while the market is saturated with competitive solutions, none of the main players is addressing the need that security testing should be shifted to Development/DevOps teams. This created an opportunity to differentiate Probely from its competitors. We conducted interviews with clients and potential clients, through phone conversations and in person meetings in conferences, who confirmed the aforementioned assumption.
The overall results showed that while the market is saturated with competitive solutions, none of the main players is addressing the need that security testing should be shifted to Development/DevOps teams. This created an opportunity to differentiate Probely from its competitors. We conducted interviews with clients and potential clients, through phone conversations and in person meetings in conferences, who confirmed the aforementioned assumption.
In an era where more and more companies are embracing the DevOps model of software delivery, security testing can only be effective if shifted to Developers/DevOps. Existing solutions that address this problem are still in their infancy, which leaves Probely well positioned and with the potential to become an effective solution to overcome this problem and to go beyond the state of the art.