Application Security Operations Center (ASOC) The right plan and the right solutions are a great start but without an effective operationalizing of the program nothing will be achieved. Saltworks works with customers to provide operational services that include both mentoring your employees to run the program and staffing the ASOC to ensure a successful application security program. ASOC services include: Program Implementation

{} Integrating ASOC with development teams {}  Working with Agile teams to ensure policy requirements are part of the appropriate sprints / development iterations {} Generating Threat Models, including training developers to either create Threat Models and/or assist in their creation. {}  Ensuring proper assessments (scans) are being integrated and executed {}  Working with developers to ensure proper remediation is being completed {}  Working with DevOps teams to ensure automated security testing is being completed successfully {}  Scheduling Penetration Testing to ensure policy and compliance requirements are being met

Tracking & Metrics

{}  Providing executive level reporting to ensure program success is communicated {}  Tracking program roll-out completion {}  Reporting vulnerability metrics to management

Reporting and Auditing

{}  Providing reporting to audit and compliance teams {}  Working with Audit teams to ensure audits can be performed quickly and efficiently