Wabbi: Deploying AppSec without Sacrificing Agility


Brittany Greenfield, Founder and CEO
The promise of DevOps to dramatically improve business performance by eliminating the silos between development and operations teams has made it a focal point across organizations. While many enterprises have embraced this integrated method for development and operations, they are often slow to include application security within the framework. In other words, in the effort to speed up business processes and development cycles, security has become more of an afterthought. The reason is that traditional “bolt-on” security techniques and manual controls reliant on legacy practices act as impediments to speed, transparency, and overall security. Moreover, the transition to cloud-based infrastructure requires a federated approach in administering application security (AppSec), which the legacy processes cannot support. This information asymmetry between security and development leads to reactive AppSec that is a drag on development’s budget and leaves applications at risk. Addressing this challenge head-on with its SecDevOps orchestration platform is Boston, MA-based Wabbi. The firm’s platform automates and analyzes existing AppSec processes and tools for a continuous flow of actionable data in parallel with the development pipeline.

Brittany Greenfield, founder and CEO of Wabbi, says, “We are focused on decentralizing the management of AppSec, enabling development teams to own the day-to-day execution, and capture the productivity benefits of implementing security throughout the development lifecycle while still giving security teams the confidence of knowing they have centralized governance.” Simply put, Wabbi’s SecDevOps platform de-silos application security information to make it scalable across development pipelines so that teams no longer have to decide between agility and security.

Wabbi takes a developer-centric approach to application security, which allows developers to build AppSec into the development pipeline from the outset and stop vulnerabilities before they become a risk. Too often, software development policies are deployed at an organizational level, leaving development teams unaware of what the correct policies are for their projects and when their projects are impacted by policy changes. With Wabbi, however, they gain a centralized policy engine that assigns the right AppSec policies to the right projects. This provides real-time visibility on the various policies being followed, the ones that are least effective, and why.

Wabbi creates a profile for each project, and the first step is integrating into the ticketing system workflow, such as Jira or Azure DevOps. Once the project becomes active, Wabbi not only assigns specific policies and quality gates based on the profile but also creates a custom algorithm that is used to prioritize security tests as they’re returned and integrate them back into the existing development workflows, where appropriate. The platform prevents insecure coding practices and provides visibility into potential bottlenecks, making it simple for the development teams to deliver projects on time and on budget while adhering to their company’s AppSec standards. Moreover, it ensures teams always operate with top performance and efficiency.

“Good application security is not about speeding up AppSec tools or slowing down the whole development pipeline, but rather choosing the right times to do either. Our platform allows operations teams to do this precisely,” informs Brittany.


They no longer have to worry about tracking down information; they have the visibility to know that security standards are being met and when they’re not, what they need to do. Today’s AppSec is not limited to just traditional vulnerability scanners: Wabbi analyzes all application security results—from cloud-security configuration to vulnerability scans to container security tools—to ensure compliance with all AppSec standards for that project. The platform’s automated policy-based governance feature enables application security to be integrated into a company’s continuous integration and continuous deployment (CI/CD) pipeline, as the single point of control for go/no-go project decisions.

What perhaps sets Wabbi apart is its ability to help businesses deliver secure code without having to sacrifice agility or speed. “Our ultimate goal is to help them deploy their application security program whatever their maturity. We are completely agnostic to the breadth and depth of a client’s application security program,” states Brittany. Moreover, Wabbi is API-centric; the ability to rapidly connect with all the sources of information is critical for its clients. New connectors can be installed with just one click without engineering support. Wabbi’s SecDevOps platform offers out-of-the-box configurations, but more advanced users can add customizations on top of it. The number of vulnerabilities grows exponentially as more and more code is produced, decreasing the average time needed to fix them before adversaries exploit the flaws. Wabbi helps companies diagnose and prioritize risks from vulnerabilities so that security naturally fits into the development workflow and no longer has to be a competing priority.

Looking to the future, Wabbi is rapidly accelerating delivery of SecDevOps orchestration to companies of all sizes and industries. The firm is looking toward international expansion in the next 12 months and beginning to ramp its practice with consultancies that support clients through digital transformation initiatives to include the deployment of application security programs as part of these initiatives. As it continues to look forward, the platform will transition from intelligent SecDevOps orchestration to providing the AppSec-as-a-Service infrastructure layer for development pipelines. “This will enable a company of any size, any application security maturity level to deploy an AppSec program as part of its development pipeline. That is how we’re going to build better software overall, not just from a security perspective,” concludes Brittany.

Company
Wabbi

Headquarters
Boston, MA

Management
Brittany Greenfield, Founder and CEO

Description
Boston, MA-based Wabbi offers a SecDevOps automation platform that provides continuity of information to make security scalable across development pipelines, so teams no longer have to decide between speed and security. The platform decentralizes the management of AppSec so that development teams can own the day-to-day execution, and capture the productivity benefits of implementing security throughout the development lifecycle, while still giving security teams the confidence to know they have centralized governance. Wabbi takes a developer-centric approach to application security, which allows them to start building more applications from the very beginning of the design process in the development pipeline and stop vulnerabilities before they become a risk.
