Cutting-edge features to help you build secure software with ease.
SD Elements allows you to pull a focused set of prescriptive security requirements by answering a lightweight yet powerful and extensible survey.
Automated Risk Analysis
By checking against an extensive and expanding list of known software security weaknesses, SD Elements can automatically determine, in just 10 minutes, the kinds of security and privacy risks your application is likely vulnerable to. Compare that to several days using manual methods.
Reporting / Dashboard
Prove to auditors that you follow a secure SDLC with SD Elements. Detailed reports provide risk visibility to management and auditors. The dashboard provides an organization-wide view of application security risk.
ALM Integration
Provide developers with instructions and tasks within the tools they already use: Application Lifecycle Management (ALM) tools like HP ALM, Mingle, JIRA, Rally, Trac, Pivotal Tracker, and Microsoft Team Foundation Server. Use the powerful RESTful API to integrate with your own systems.
Scanner Integration
Already using an automated security scanner? Find out which requirements your scanner can assess and which ones you need to manually assess. Featuring integration with Veracode, Fortify, WebInspect and AppScan.
Match Requirements with Test Cases
Over 40% of the security requirements identified by SD Elements cannot normally be tested with an automated scanner. SD Elements provides step-by-step instructions so that developers can build effective security unit tests and/or QA testers can perform manual tests. Test cases map directly to requirements.
Developers often work in time-constrained environments. SD Elements prioritizes tasks and provides succinct guidance so that developers can focus on coding.
SD Elements provides code samples on how to implement security requirements in a variety of languages and frameworks, including Java EE, .NET, Rails, Android, iOS and more. Don't see support for your languages and/or frameworks? Intuitive customization allows you to quickly add your own and push it to everyone in your organization.
Remembering security awareness training in the context of day-to-day development can be difficult. Embedded training for OWASP Top 10 vulnerabilities allows developers to learn in-depth when it's relevant for their application.
Extend SD Elements through customization. Add to the survey of questions and answers, add your own tasks, and use a powerful rules editor to match when tasks should appear inside of a project. Clients use SD Elements for all kinds of things: accessibility, disaster recovery, government certification, and even agile iteration processes.
Acquiring SD Elements means tapping into our extensive and ongoing research into application security defenses. We continuously expand our content and provide new content every two weeks. Be notified when new controls and threats affect your application.
Build Compliance In
Learn how relevant compliance initiatives such as PCI, HIPAA, and the European Privacy Directive have a direct impact on your code and build the appropriate controls into your code.
Global companies are using SD Elements today. Use SAML 2.0 or LDAP authentication to hook into your existing list of users.
Interested in SD Elements? Contact our Sales Team for a demonstration.
SD Elements is a key component of our secure coding strategy. We are using it to drive compliance with industry best practices - with our own developers and third parties. Our application development teams have been able to benefit almost immediately, with a minimum of effort. We're customizing SD Elements to automate portions of our application certification and accreditation process. The SD Elements team has gone above and beyond to help us set that up.
After comparing the results of a 3rd party security application assessment against the security requirements laid out by SD Elements for that same application, we discovered that all of the application-specific vulnerabilities would have been remediated had the developers simply followed those security requirements at the start.
- Large US-Based Utilities Company
It is upfront, action-driven, telling people what to do instead of being reactive; it is proactive. Not only does it give a list of things that people need to be aware of, it gives them guidance on how to do it. It probably will help us with training requirements as far as PCI goes. So when they do annual training this will be just-in-time training.
- Large US Retailer
We're struggling with annual training for PCI, the entire development organization has to be provided with training every year regardless of whether they need it or not. We're trying to get a definition around what that training definition is. This is one of those tools where we could show them (the auditors), as the developers are using SD Elements each of the different PCI requirements, how to do it, so the developers are actually getting trained every project they are working on.