How it Works

Build secure software with confidence in 5 easy steps.

Step 1: Answer a Short Questionnaire

Simple Setup

Traditional methods to address security early in the development process are time consuming and require domain expertise. As a result, practitioners often fall back on a test-after approach to application security.

With SD Elements, development teams can generate comprehensive sets of threats by answering a short 15 minute questionnaire. Quickly scale to thousands of applications in a short period of time.

Get Started Quickly With Profiles

Profiles allow non-technical project members to get started quickly by selecting a generic profile, such as "Java EE web application" or "iPhone mobile app". Add more technical details to refine your SD Elements project later on with the input of technical team members. Use SD Elements content for web applications, mobile applications, web services, APIs, server applications, rich clients and desktop applications. Use powerful customization to extend to other software types.

Build Compliance In

Relevant compliance initiatives such as the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act, and international privacy directives have a direct impact on your code.

SD Elements distills these compliance standards into development requirements that you can feed into your development process. Avoid costly fines and regulatory non-compliance by building compliance in.

Step 2: Get Relevent Threats and Countermeasures

Automated Risk Analysis

SD Elements checks against extensive and continuously updated list of known software security weaknesses and compliance initiatives. It can automatically determine the kinds of security and privacy risks your application is likely vulnerable to after just 15 minutes.

Stay Up-to-Date

Continuously build security in and stay up-to-date with emerging threats. After you've modeled an application in SD Elements you get continuous updates about new vulnerabilities, compliance standards, and defenses delivered into your Application Lifecycle Management toolkit.

Customization

SD Elements can be extended by adding project specific data, requirements and tasks through a powerful rules editor to match when tasks should appear inside a project.

Take advantage of SD Element's ease-of-use and integration with development tools to build in your own corporate standards. Administrators can customize SD Elements requirements, problems, the questionnaire, and profiles. Take high level corporate policy & standards and turn them into actionable tasks that your developers can implement from their existing tools.

Step 3: Deliver Through Your Development Tools

Deliver Through Your Development Tool

Seamlessly add security requirements into your existing Application Lifecycle Management tools. SD Elements painlessly fits into your existing development process rather than forcing you to change your process. Task assignments and notification emails for people who don't have a supported ALM.

Step 4: Build Security In

Prioritization

Developers often work with strict time-constraint projects. SD Elements enables developers to focus on coding because it prioritizes tasks and provides succinct guidance.

Code Samples

SD Elements provides code samples showing you how to implement security requirements in a variety of languages and frameworks, including Java EE, .Net, Rails, Android and iOS. Intuitive customization allows you to quickly add your own language and framework to then push to everyone in your organization.

Embedded Training

Remembering security training in the context of day-to-day development can be difficult. When relevant to their application, embedded training for OWASP Top 10 vulnerabilities enables developers to learn in-depth exploits and defenses.

Step 5: Verify Requirements

Match Requirements with Test Cases

SD Elements has turned traditional security assessments on its head. SD Elements provides step-by-step instructions for testing along with mapping of requirements to test cases. Directly import testing results from popular security scanning products and understand their coverage gaps so that you can supplement with your own custom rules, unit tests or manual testing. Provide security auditors with an interface to tell you what they could and couldn’t test for.

Interested in SD Elements? Contact our sales team for a demonstration.