- Investigate integrating solutions such as Checkmarx or Veracode into your SDLC (for ongoing code-level static analysis); do not look just for one-off assessments of your system.
- Run manual penetration tests or vulnerability assessments depending on your confidence in the state of your system.
Either choose a pentesting boutique close to you if you like meeting people in person, or pick a company that runs tests with a group of people, not a single auditor. The results will likely be much better then. If you're looking for a solution for team-based security testing, take a look at http://www.applause.com/security-testing

(Disclaimer: I am security team lead at Applause. Disregard that marketing pricing calculator on the webpage.) If you're looking to test any type of app dealing with the protection of digital goods, e.g. Books / DRM / Audio / Video / Paid features, we're specialists for that. We're deploying teams of white-hat security experts to run security tests, including automatic scans on web, mobile and desktop applications. General process:
=> Lead security expert carries out risk assessment to craft custom test plan
=> Penetration test or vulnerability assessment (realtime results in 24/7 web platform)
=> Deduplicated, validated and prioritized results with remediation advice
=> Customer fixes vulnerabilities
=> Retesting of vulnerabilities to verify fixes are effective

First results, often critical vulnerabilities, usually trickle in within minutes of starting the test.