DevSecOps

What is it?

The Paved Road is a concept that formalizes both expectations and commitments between your AppSec team and your internal customers or developers. In short, it ensures that the quickest path to production is always the most secure. It enables AppSec to become seamlessly integrated through tools and methodologies so that app developers can be streamlined by the security team and they can focus on feature development.

Whether you are currently using team collaboration tools, following Agile methodologies, or have multi-cloud hooks for your applications, Data Theorem provides DevSecOps teams the support they require utilizing all of the above by focusing on helping you get your next release out quickly and securely. The road to production can be windy, but utilizing Data Theorem as your premier AppSec vendor can aid you in keeping track of your development and keeping any issues in check.

How we do it?

1. AUTO-TRIAGE OF VIOLATIONS - MOBILE, WEB, API, AND CLOUD

Data Theorem’s Analyzer Engine performs auto-triage of any issues or vulnerabilities across all product areas, from mobile/web applications to cloud building blocks, even capturing any issues that may be present with your public or private APIs. Instead of having your team try to find the most important issues, rely on previously set priorities and the automatically generated auto-triage results in your Data Theorem product dashboard. This helps streamline your development process, thus aiding in a smoother road to production.

2. REMEDIATION AND SECURE CODE

Once your issues are populated, you and your team might typically have to figure out the best and most efficient way to fix these. Data Theorem helps you here by providing remediation, and even auto-remediation in some instances. The product goes one step further by even providing secure code examples that you can directly replace in your existing code base. Simplify these even more with CI/CD integrations and alerts, which can be set up on your time cadence of choice be it daily, weekly, or monthly.

3. THIRD-PARTY SDKS AND OSS LIBRARIES

Many modern applications will leverage hundreds of existing third-party SDKs, Open Source codebases, and libraries in order to expedite code and build on top of foundational feature sets. Data Theorem’s Paved Road assists your team with going further than just verifying the security within your own code, but also extending the same checks and security methodologies to these linked third-party codebases as well. You and your team no longer need to spend the time researching these third-parties for any potential vulnerabilities while Data Theorem does this for you.

4. SHADOW APIS

With large codebases come additional concerns as oftentimes it has been found that breaches are related to assets unknown to the developers or even due to backdoor secrets in the application. In an Ohio State University research study checking the top 150,000 applications in the public app stores, they found that almost 10% of apps contain backdoor secrets. As applications continue to grow in lines of code and leverage various existing third-parties or APIs, the attack surfaces grow as well. Data Theorem’s analyzer engine helps you and your team keep tabs on all parts of your application, their location, and any related owners. Any issues or concerns that come with your application scaling can be remediated through this feature.

5. PRE-PRODUCTION VALIDATION

Data Theorem and the Paved Road ultimately help streamline your pipeline and release process. Starting with the steps outlined above including checks for any violations in both your code as well as third-party code and scans for shadow APIs, the found issues are then auto-triaged with remediation options, helping your application move to staging. Before ultimately releasing your application, the analyzer engine also runs pre-production validation and checks on those final steps that are vital before release including compliance and app store blockers. When it comes to compliance, Data Theorem products always check for compliance with regulatory standards and requirements including PCI, OWASP, HIPAA, GDPR, CCPA, and more. See for more information. In addition to verifying compliance, Data Theorem runs standard Google Play and Apple App Store checks to ensure that once you do submit a release, your application will be green lighted for publishing. Finally, all of these steps can be continuously done utilizing team collaboration tools such as JIRA, Jenkins, Teams, Slack in order to both notify you about vulnerabilities as well as allow you to set up scans and checks as frequently and as comprehensively as your team or application demands.