The client was struggling to entrust their developer teams with the responsibility of handling application security. To verify whether the security controls being implemented were effective, development teams often resorted to asking infosec, which consumed a great deal of valuable time from both development teams and infosec.
The client onboarded SD Elements, Security Compass’ Policy-to-Execution platform, which has a section dedicated to ensuring that the controls developers implement are adequate. This section contains step-by-step instructions which can easily be followed by developers. SD Elements is also synchronized with external tools and SAST/DAST scanners and can import scan reports to automatically determine whether stories are validated or not.
The client’s development teams can now independently ensure that the applications they develop are secure. They’re also now aware of the weak and strong security points in their applications, helping to avoid last-minute surprises during infosec application reviews.