About Aspect

Aspect was founded in 2002 to focus exclusively on services that enable companies to build, verify, and manage secure software applications. We are highly practical in our approach to security and always ground our analysis in our customers' business needs.

Aspect's positive approach to application security is designed to be as cost-effective as possible. We bring together business and executive management, software development, and security and audit groups to enable informed decisions about the risks of insecure applications. Our balanced programs will help you improve your application security foundation, software development process, security verification activities, and your ability to manage cost and risk.

We use our extensive knowledge base, as well as deep experience with the latest tools and technologies, to support our services. If you want to provide application security services internally, we will share our knowledge and techniques to help you stand up your own capability.

Aspect is headquartered in Columbia, Maryland with regional offices in New York and other key locations around the United States.

Leadership

Aspect believes that application security is critically important and we are passionate about it. We choose to make all of our research public so that everyone can benefit.

We are a founding member of OWASP (The Open Web Application Security Project). We founded and lead many projects there, including the Top Ten, WebGoat, ESAPI, AntiSamy, CSRF Tester, CSRF Guard, JavaEE Clickjack Filter, ASVS, Scrubbr, Contract Annex, the Prevention Cheat Sheet Series, and much more.

Aspect also works with many government teams focused on improving the state of application security, and has championed the inclusion of application security into FISMA (NIST SP 800-53). Our leaders led the effort to draft ISO 21827.

Our experts speak and teach frequently at conferences including Black Hat, RSA, OWASP AppSec, JavaOne, SOURCE Boston, Financial Services-ISAC, Hacker Halted, ShmooCon, Jazoon, and more.

Proof Positive

Aspect takes a positive approach to application security based on security controls, completeness, coverage, and assurance, rather than simply chasing vulnerabilities. In our experience, the positive approach is considerably simpler, more cost-effective, and produces much better security compared to relying exclusively on negative approaches like vulnerability scanning and penetration testing.

Our services are designed to help organizations make informed decisions about application security risks. This efficiently protects your information assets, reputation, and liability. More importantly, solid application security allows you to innovate with confidence, creating new services and functions that strengthen your business and help your customers.

Experienced Experts

Aspect's leaders were among the first to specialize in application security in the mid-to-late 1990s. Our consultants know how to build secure applications, verify security, manage programs, and teach your staff.


Aspect has verified applications totalling hundreds of millions of lines of mission-critical code, written in languages such as Java, JSP, C, C++, C#, ASP, VB, VB.NET, ABAP, PHP, Dynamo, ColdFusion, Perl, and Haskell, in environments including Java EE, .NET, SAP, Oracle, Spring, PeopleSoft, and Struts.


Through our hands-on courses, we have trained tens of thousands of developers and managers to build and test secure applications.

Aspect's staff is a unique blend of developers, software architects, application security engineers, and process improvement designers. Many of our staff hold CISSP, CISM, and GSEC certifications and have undergone extensive background investigations.