In recent years, many companies and government agencies have been exposed to negative press and legal proceedings due to high-profile security breaches in which sensitive data has been either inadvertently disclosed or stolen. While many of these incidents were the result of human error, a significant percentage was traced back to poorly designed software architecture and/or applications. Conventional techniques for testing software applications can identify many vulnerabilities, but no one methodology is failsafe. Furthermore, although many security-analysis techniques require significant time and resources to administer, not every application necessitates the same level or degree of analysis.
As a result, companies face a difficult trade-off between the desire to test software and limitations on available resources and time. Moreover, many companies do not have the expertise to apply some of the more intricate and complex security assessment techniques, and thus look to industry experts for such services. This creates yet another challenge, in that often what is being tested is highly sensitive, proprietary software. Companies are eager to have these applications tested using the most effective methods, but are also reluctant to grant others access to key software assets. What is needed, therefore, is a security assessment platform that permits an outside team to design and execute custom software-security assessments against varying types of applications, and to perform an analysis that is responsive to evolving threats, does not interfere with the execution of the application, and does not threaten the proprietary nature of an application.