Market leaders in Pentest Management and AppSec Learning launch the industry’s first integrated AppSec Learning and Pentest Management Platform.
MELBOURNE, Australia, May 30, 2024 (Newswire.com) – AttackForge®, a global leader in Pentest Management solutions, and SecDim, a provider of a unique Security Learning platform, have today announced a solution to address the systemic problem of the same vulnerabilities resurfacing from one penetration test to another.
“One of the most irritating and costly problems in penetration testing today is the same vulnerabilities getting reported time and time again, often due to gaps in knowledge and skills. Traditional secure code training is mostly generic, compliance-driven and not directly relevant. By integrating SecDim’s platform into AttackForge – this makes it very focused, engaging and relevant. We can now link real vulnerabilities discovered during a penetration test to security learning exercises. This makes it possible for engineers to explore the vulnerability in a safe sandbox, to learn, build and verify that their security patch works,” said Stas Filshtinskiy, Co-Founder of AttackForge.
The new capabilities allow security and engineering teams to explore real vulnerabilities found in their applications, providing a collaborative environment to learn more about the vulnerabilities and to increase skills and knowledge in preventing them from reoccurring.
“Penetration testing often results in recommendations to engineers on how to fix the vulnerability, and it stops there. The integration with SecDim goes further – taking that very same vulnerability and enabling the engineer from within AttackForge to deploy a private learning environment where they can experiment with the recommendations from the pentest. By understanding the root cause for vulnerabilities and verifying security patches sooner, organizations can reduce the exposure times for vulnerabilities. This reduces costs on failed retests and increases pooled knowledge for engineering teams to stop those vulnerabilities happening again,” said Fil Filiposki, Co-Founder of AttackForge.
The SecDim platform focuses on engagement with engineers and DevOps teams using developer-centric language. SecDim presents AppSec and DevSecOps security weaknesses as programming challenges in a code repository.
“Developers are natural problem solvers. However, security is rarely communicated to them as a software engineering problem. We cannot expect a developer to read through a vulnerability description and immediately understand how to fix it. With AttackForge integration, we present the vulnerabilities discovered in their recent pentests as a programming challenge. The challenge is presented to them in a sandbox, where they can explore the vulnerability, learn its root cause, experiment and build a robust security patch,” said Dr. Pedram Hayati, Founder of SecDim.
This integration is available immediately. All existing customers of AttackForge now have access to the SecDim integration free of charge.
About AttackForge
AttackForge Pty Ltd is the leading provider of penetration testing management and workflow solutions, pioneering the world’s first full lifecycle pentest management platform. The AttackForge platform is used daily by hundreds of security teams around the globe. On average, a new pentest is started every thirty minutes using AttackForge. The company’s Enterprise product is trusted across all industries and verticals – in government, healthcare, banking, retail, oil & energy, telecommunications, and other regulated industries. AttackForge Core is used by leading security consultancies, MSSPs, specialized security companies and professional pentesters. Visit https://attackforge.com for a comparison of products.
About SecDim
SecDim is the world’s first developer-centric attack and defense wargame. SecDim’s platform empowers developers and security engineers to collaborate and explore the entire spectrum of a security vulnerability: from finding and exploiting the security vulnerability to remediating it in the code. SecDim provides wargames and sandboxes that replicate security vulnerabilities inspired by real-world incidents. Visit https://secdim.com to find out more.
Source: AttackForge, SecDim