Static Application Security Testing (SAST)
The Cognizant SAST solution analyzes an application from the “inside out” in a non-running state. It uses a combination of software tools and a manual review process followed by false positive elimination. In this way, a Cognizant assessment ensures discovery of all known vulnerabilities including the ones recommended in OWASP (Open Web Application Security Project).
Our approach includes analysis of application source code, byte code and binaries for coding, as well as design conditions that indicate security vulnerabilities. The assessment also includes recommendations for fixing those vulnerabilities.
Dynamic Application Security Testing (DAST)
Cognizant Dynamic Application Security Testing (DAST) involves the analysis and identification of security posture in terms of architectural weakness, coding practices and vulnerabilities of Web applications in running state or under dynamic conditions. Our testing approach is based on industry standards such as CVE, SANS, ISECOM and OWASP (Open Web Application Security Project) as well as in‑house techniques developed by Cognizant.
Penetration Testing
Penetration testing is the advanced methodology of identifying potential threats and vulnerabilities by prioritizing the highest risk vulnerabilities. Cognizant’s penetration testing process employs multistep and multi‑vector attack scenarios that first find vulnerabilities and then attempt to exploit them to move deeper into the enterprise infrastructure.
Penetration testing provides visibility into aggregations of misconfigurations or other vulnerabilities that could lead to an attack causing serious business impact to your organization.
Secure Design Review and Threat Modeling
Cognizant's security design review service includes a thorough review and analysis of application design. The service evaluates effectiveness of access control, authorization (including role management and separation of duties) and adherence to security principles for confidentiality such as integrity and availability.
Vulnerability Management
Cognizant's Vulnerability Management service involves remediation, tracking and closure of identified vulnerabilities in coordination with Cognizant’s central incident response team. Our process also integrates with enterprise-wide GRC tools. High-level activities include:
Enterprise vulnerability management program focusing on:
- Vulnerability Remediation: uses processes and tools focused on compliance-driven priorities
- Integration with risk management solutions in the long term
- Vulnerability Validation Service: Reviewing remediated vulnerabilities and creating a validation report on the fixes implemented
- Support for remediation of network vulnerabilities
Compliance Specific Service
Cognizant offers security testing specific to various industry regulations, including PCI DSS, HIPPA, GLBA and SOX. We validate key security controls specific to various regulatory compliances that your company needs to adhere to in your industry. We recommend specific controls to be implemented during various phases of an SDLC (Secured Development Life Cycle Program).
Maturity Modeling
Cognizant Maturity Modeling helps organizations formulate and implement a strategy for application security during the software development lifecycle. The service is tailored to eradicate key vulnerabilities that can become a serious threat to your organization’s credibility. High level activities include:
- Evaluate existing software security practices during SDLC
- Strategize a balanced Secured Development Life Cycle Program in collaboration with the development team
- Improve and enhance SDLC
- Training programs and business communication for all relevant stakeholders
Security Training as a Service
Cognizant’s Security Training as a Service offers training programs on best practices to be followed during various phases of the Software Development Life Cycle. High level activities include:
- Training programs and periodic workshops for development teams on secure coding practices
- Training sessions that include both e-learning and classroom-based instruction for implementing a validation mechanism. This ensures that vulnerabilities are remediated appropriately
- Conduct security awareness testing through safe and controlled replication of social engineering threats
- Introduction of certified ethical hackers as trainers
- Periodic updates on advanced threats and vulnerabilities in current usage
Mobile Security Testing
Rapid growth in mobile applications has ushered in new types of security threats to the enterprise. Cognizant’s Mobile Security Testing service follows a well-defined process of testing apps used by smartphones and other devices. Applications tested for vulnerabilities include business apps, multimedia, utilities and games. Types of testing include:
- Emulator and device-based testing
- Architecture review
- Reverse engineering
