Cybersecurity services provider IOActive announced today the launch of a Continuous Penetration Testing (CPT) service. The new CPT service employs an innovative testing method designed to address the challenge of integrating security testing into an agile development model. As many organizations have moved to Continuous Integration and Continuous Deployment (CI/CD) processes, the independent validation and verification processes have not aligned with that enhanced agility until now.
“As enterprises have embraced agile development over waterfall, they have struggled to integrate security testing throughout the process. Time and time again it has been proven that weaving security throughout the development cycle produces stronger products and costs less in the end. To be effective, penetration testing models have to evolve to better align with how enterprises approach development, deployment, and operations,” said John Sheehy, SVP of Research and Strategy at IOActive, in a press release. “We’ve worked closely with our enterprise customers to refine this model to deliver the ongoing support they need to build highly secure products in an agile model.”
Ongoing testing is critical in secure product development. Just as agile focuses on small sprints and changes, CPT focuses on the associated code, network, infrastructure, application, and configuration changes early, before or shortly after they go to production. The flexibility of these services is designed to provide ongoing, cost-effective testing of components as they are developed, resulting in more robust and secure products.
This announcement follows on the heels of the recent launch of IOActive’s Pen-testing Protection Program, designed to help global small businesses continue necessary penetration testing to support cybersecurity risk management as they deal with the financial impacts of the stay-at-home orders imposed to keep their communities safe.
IOActive’s team of industrial control security experts has vast experience across all facets of the cybersecurity and cyber-physical worlds of critical infrastructure. Their work plays a key role in defining industry standards and best practices such as NIST 800-53 and 800-37, and they are entrenched with organizations such as the Process Control Security Forum, the Industrial Internet Consortium, SANS, and ISA.