Application security services across the development lifecycle and software supply chain.

Since our founding in 2002, we have worked with many government teams that are focused on application security:

  • Consumer Product Safety Commission
  • Federal Deposit Insurance Corporation (FDIC)
  • Government Accountability Office (GAO)
  • Department of Justice
  • Department of the Treasury
  • Defense Contract Audit Agency (DCAA)
  • Defense Information Systems Agency (DISA)
  • Office of Personnel Management
  • Intelligence Community
  • Space and Naval Warfare Systems Command (SPAWAR)
  • U.S. Army, Navy, & Air Force
  • National Security Agency (NSA)

Application Security Education & Training

We are proud to provide application security training across the Department of Defense and other Federal agencies. Our flexible delivery options include in-person instructor-led training, webcast, and on-demand delivery via our eLearning offering. Our curriculums meet the Federal requirement for annual Specialized Security Training and address the DISA STIG for secure application development.

Software Assurance Services

Our engineers analyze and verify an average of 5,000,000 lines of code every month, most of which are critical to the national infrastructure and defense. Our analyses and recommendations address software assurance requirements mandated by FISMA (NIST SP 800-53) and DISA’s ASD STIG (DOD 8500.2). We championed the inclusion of application security into FISMA (NIST SP 800-53).

Software Assurance Program Services

We offer strategic assessment and planning services and create practical, actionable multi-year plans to improve software assurance across an organization’s application portfolio. Our track record demonstrates that we have been able to drive changes to processes, security goals and culture, improving an organization’s ability to produce, deploy and manage secure software. We authored the System Security Engineering Capability Model (SSE-CMM), ISO standard 21827.

Our principals started the world’s first application security practice and are founding members of OWASP. We have authored many of application security’s most respected standards, guidelines and technologies, including the OWASP Top Ten, Application Security Verification Standard (ASVS), Risk Rating Methodology, Enterprise Security API (ESAPI) and WebGoat. We donate our research to OWASP, and these materials are downloaded by 50,000 people every month.

Accessibility Statement

Aspect Security is committed to making its Web content and information and communication technology (ICT) accessible to all visitors. Our products comply with Section 508 of the Rehabilitation Act, which was enacted to eliminate barriers to ICT for people with disabilities. Aspect Security's products have been developed using accessibility best practice guidelines and have been tested with various assistive technology products to ensure the best possible experience for everyone.