Brittany Greenfield, founder and CEO of Wabbi, says, “We are focused on decentralizing the management of AppSec, enabling development teams to own the day-to-day execution, and capture the productivity benefits of implementing security throughout the development lifecycle while still giving security teams the confidence of knowing they have centralized governance.” Simply put, Wabbi’s SecDevOps platform de-silos application security information to make it scalable across development pipelines so that teams no longer have to decide between agility and security.
Wabbi takes a developer-centric approach to application security, which allows them to build in AppSec in the development pipeline from the outset and stopping vulnerabilities before they become a risk. Too often, software development policies are deployed at an organizational level, leaving development teams unaware of what the correct policies are for their projects and when their projects are impacted by policy changes. With Wabbi, however, they gain a centralized policy engine that correctly assigns the right AppSec policies to the right projects. This provides real-time visibility on the various policies being followed, the ones that are least effective, and why.
Wabbi creates a profile for each project, with the first step beginning by integrating into the ticketing system workflow, such as Jira or Azure DevOps. Once the project becomes active, Wabbi not only assigns specific policies and quality gates based on the profile but also creates a custom algorithm that is used to prioritize security tests as they’re returned and integrate them back into the existing development workflows, where appropriate. The platform prevents insecure coding practices and provides visibility into potential bottlenecks, making it simple for the development teams to deliver projects on-time, on-budget while adhering to their company’s AppSec standards. Moreover, it ensures teams always operate with top performance and efficiency.
“Good application security is not about speeding up AppSec tools or slowing down the whole development pipeline, but rather choosing the right times to do either. Our platform allows operations teams to do this precisely,” informs Brittany.
Wabbi helps companies diagnose and prioritize risks from vulnerabilities so that security naturally fits into the development workflow and no longer has to be a competing priority
They no longer have to worry about tracking down information; they have the visibility to know that security standards are being met and when they’re not, what they need to do. Today’s AppSec is not limited to just traditional vulnerability scanners: Wabbi analyzes all application security results—from cloud-security configuration to vulnerability scans to container security tools—to ensure compliance with all AppSec standards for that project. The platform’s automated policy-based governance feature enables application security to be integrated into a company’s continuous integration and continuous deployment (CI/CD) pipeline, as the single point of control for go/no-go project decisions.
What perhaps sets Wabbi apart is its ability to help businesses deliver secure code without having to sacrifice agility or speed. “Our ultimate goal is to help them deploy their application security program whatever their maturity. We are completely agnostic to the breadth and depth of a client’s application security program,” states Brittany. Moreover, Wabbi is API-centric; the ability to rapidly connect with all the sources of information is critical for its clients. New connectors can be installed with just one click without engineering support. Wabbi’s SecDevOps platform offers outof- the-box configurations, but more advanced users can add customizations on top of it. The number of vulnerabilities grows exponentially as more and more code is produced, decreasing the average time needed to fix them before adversaries exploit the flaws. Wabbi helps companies diagnose and prioritize risks from vulnerabilities so that security naturally fits into the development workflow and no longer has to be a competing priority.
Looking to the future, Wabbi is rapidly accelerating delivering SecDevOps orchestration to companies of all sizes and industries. The firm is looking toward international expansion in the next 12 months and beginning to ramp their practice with consultancies that support clients through digital transformation initiatives to include the deployment of application security programs as part of these initiatives. As it continues to look forward, the platform will transition from intelligent SecDevOps orchestration to providing the AppSec-as-a-Service infrastructure layer for development pipelines. “This will enable a company of any size, any application security maturity level to deploy an AppSec program as part of its development pipeline. That is how we’re going to build better software overall, not just from a security perspective,” concludes Brittany.