SD Elements Logo

A product of Security Compass

Learn More Request a Demo

Overview

Be more proactive. Make security measurable. Go to market faster.

SD Elements is a software security requirements management solution. Using a short questionnaire, SD Elements automatically generates relevant security requirements for an application, links them to test cases and delivers them into development tools.

When building or maintaining a mature application, SD Elements effortlessly integrates with your development tools and processes to ensure your software is secure. It provides prescriptive, secure coding advice based on your project’s application technology, business and compliance drivers.

With SD Elements, vulnerability scanners and source code reviews validate that you have followed requirements eliminating costly vulnerability remediation. SD Elements scales easily to thousands of applications allowing centralized information security teams to positively influence software development across the organization with minimal process change.

View the 5 steps »

Simplify

Predict

Clearly understand security requirements and test against them rather than simply testing your software with opaque tools and processes.

Checklist

Plan

Integrate security seamlessly into your existing development tools, eliminating the need for major process changes.

Hand

Prevent

Eliminate high-risk security vulnerabilities, saving significant costs and allowing you to bring more secure software to the market faster.

Features

Tools to help you stay efficient

  • Benefits of Reporting

    Generate threat tables from the "Problem Summary Report", create reports for specific compliance standards, and show management progress on secure development tasks.

  • Email Notifications

    Get notified when users create new projects or update tasks. Centralized security teams can scale across hundreds or thousands of applications and still keep a pulse on what's happening on individual projects.

  • Auditability

    Comprehensive logging allows you to monitor changes to tasks in projects, changes to project settings, who is logging into the system, etc.

  • Enterprise Authentication

    Use your existing usernames and passwords through SAML & LDAP integration. Our partnership with OneLogin allows you to use your existing authentication database across organizational boundaries for free.

  • Scanner Integration

    Already using an automated security scanner? Find out which requirements your scanner can assess and which ones you need to manually assess. Featuring integration with Veracode, Fortify, WebInspect and AppScan.

  • Works with Agile & Continuous Integration

    Development teams can make intelligent risk trade-offs when to implement security requirements vs. other features.
    Find out more about integration with development processes.

One public sector client rewrote a major Java EE application using SD Elements, penetration tested it and found 0 high risk vulnerabilities

Case Studies and Whitepapers

Learning and growth about security requirements

  • Ovum On The Radar

    The security industry is largely focused on detecting security vulnerabilities but less so on preventing these vulnerabilities in the first place. Security Compass has addressed this gap by producing a task-based assistant that plugs into application lifecycle management (ALM) tools and feeds advice at relevant points of development activity.

    View Report
  • image32

    With the help of SD Elements, image32 enables physicians to deliver better patient care.

    Download Case Study
  • Health Care Provider

    Health care plan provider improves application security and reduces audit findings with SD Elements.

    Download Case Study
  • How to Add Security Requirements into Different Development Processes

    Learn how to embed security into three patterns of development: agile, waterfall and continuous development. This whitepaper outlines suggestions for adding security requirements into different development processes.

    Download Whitepaper
  • 5 Steps to Starting a Software Security Requirements Program

    Security requirements are different. With a good security requirement system, you can determine the relevant threat to your applications in 15 minutes. Five simple steps to get you started on building a software security requirements program.

    Download Whitepaper
  • Automated Scaling of Security Requirements

    Learn how we built a scalable security requirements process to accurately predict over 97% of high risk vulnerabilities in penetration tests. This whitepaper outlines common challenges with security requirements, and a process for effectively automating and scaling security and other non-functional requirements.

    Download Whitepaper
  • What are Security Requirements?

    This short article describes security requirements, including differentiating continuous and one-time requirements. The article also describes attributes of a good security requirement. Explicitly stating security requirements during project inception is the perfect complement to security testing.

    View Article
  • What is Security Testing?

    This short article discusses common methods for verifying security software, including code review and run-time assessments. The article describes the various techniques and their relative strengths and weaknesses. Application security testing generally refers to testing custom or lesser-known commercial software applications for security vulnerabilities.

    View Article
One healthcare organization wrote a mobile application from scratch with SD Elements and received a 99% security quality score from Veracode

ALMs we integrate with

SD Elements works with your favorite Application Lifecycle Management (ALM) tools

Build secure software with confidence in 5 easy steps.