iValue Center of Excellence
Application Security Upsell Stack with Controls
Overview of application security control areas, the consolidated requirement each one addresses, the regulatory frameworks (CERT-In, RBI, SEBI CSCRF, IRDAI, DPDP, NCIIPC) to which each control maps (✅ = mapped, ⬜ = not mapped), and the technology category and recommended iValue stack for each.
| # | Application Security Control Area | Consolidated Requirement | CERT-In | RBI | SEBI CSCRF | IRDAI | DPDP | NCIIPC | Technology | iValue Stack Required (Multi-Stack by Design) |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SBOM (Software Bill of Materials) | Component & dependency inventory | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | SBOM / Supply Chain | OpenText Fortify |
| 2 | Secure SDLC Governance | Security embedded in SDLC | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | Secure SDLC | Process + iValue COE |
| 3 | Application & API Inventory | Discover apps & APIs | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | App Discovery | CMDB / Process |
| 4 | Static Application Security Testing | Source code analysis | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | SAST | OpenText Fortify |
| 5 | Software Composition Analysis | OSS dependency risk | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | SCA | OpenText Fortify |
| 6 | CI/CD Pipeline Security | Shift-left security | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | DevSecOps | OpenText Fortify + Digital.ai |
| 7 | Dynamic Application Security Testing | Runtime vulnerability testing | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | DAST | OpenText Fortify (WebInspect) |
| 8 | API Security Testing | REST / GraphQL testing | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | API Testing | OpenText Fortify |
| 9 | Mobile App Security Testing | Android / iOS testing | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | MAST | OpenText Fortify |
| 10 | Runtime App Protection | In-app exploit prevention | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | RASP | Imperva RASP |
| 11 | Web Application Firewall | OWASP Top-10 protection | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | WAF | Imperva WAF |
| 12 | Bot Protection | Prevent abuse & scraping | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | Bot Mgmt | Imperva |
| 13 | API Runtime Protection | Protect APIs in production | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | API Security | Imperva + Levo |
| 14 | Application DDoS Protection | Availability protection | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | DDoS | Imperva |
| 15 | Identity & App Access Control | User access security | ✅ | ✅ | ✅ | ✅ | ⬜ | ✅ | IDAM | RSA / OpenText NetIQ |
| 16 | Strong Authentication | MFA for applications | ✅ | ✅ | ✅ | ✅ | ⬜ | ⬜ | MFA | Yubico |
| 17 | Privileged Application Access | Admin access control | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | PAM | CyberArk |
| 18 | Secrets Management | Protect API keys & creds | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | Secrets Mgmt | CyberArk |
| 19 | Cryptographic Key Management | Secure key storage & operations | ✅ | ✅ | ✅ | ⬜ | ✅ | ✅ | HSM / KMS | Thales / Utimaco / Entrust |
| 20 | Code & Binary Signing | App integrity & trust | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | Code Signing + HSM | Thales / Entrust + e-Mudra |
| 21 | TLS & API Certificate Protection | Secure app communications | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | PKI + HSM | Entrust / Thales + e-Mudra |
| 22 | Application Logging | Security-relevant logs | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | App Logging | Native / Integrated |
| 23 | Application Security Monitoring | Runtime threat detection | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ✅ | SIEM | Google Chronicle / Splunk |
| 24 | Application UEBA | Behavioural anomaly detection | ⬜ | ✅ | ✅ | ⬜ | ⬜ | ⬜ | UEBA | Gurucul |
| 25 | Application Threat Intelligence | App-specific threat context | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | Threat Intel | Check Point / Recorded Future |
| 26 | Application Incident Response | App-level IR | ✅ | ✅ | ✅ | ⬜ | ⬜ | ✅ | IR / SOAR | Chronicle SOAR / Splunk SOAR / OpenText SOAR |
| 27 | Vulnerability Disclosure Program | External vuln intake | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | VDP | OpenText Fortify |
| 28 | Compliance & Audit Evidence | AppSec audit artefacts | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | Compliance | SIEM + Fortify |
| 29 | Developer Security Awareness | Secure coding training | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | ⬜ | Training | Progist |