13321 North Outer Forty Road, Suite 300
Chesterfield, MO  63017
Phone: 636.532.5055  •  Fax: 636.489.1592

Security Consulting – Application Development

A real-life example of how SpearTip can save on costs and improve security posture:

Situation where SpearTip was brought in to train:

Company X hired a development team to develop a web application and hired SpearTip to train the team on SDL, Application Threat Modeling and Secure Coding, and to tactically engage on Secure Code Review and Web Application Assessment.

The team built a 100K line Java app in one year for product release.

Results:

  • Team Cost = $1,000,000+
  • SpearTip Cost = Approximately $150,000
  • Final SCA = 2 Minor Findings without Remediation Requirements

Situation where a 3rd Party was brought in instead:

Same Company X outsourced development of an application to a 3rd Party and relied on their assurances of knowledge, competency and understanding of security.

The team built a 100K line Java app in one year for product release. Their outsourced developers offered to perform a Secure Code Review but Company X hired SpearTip instead.

Results:

  • Project Cost for Development = $2,000,000+
  • SpearTip Cost = Approximately $50,000
  • Final SCA = 4500 Findings, 3000 Critical Issues, and a 1400-page Remediation Report