Date: 2025-09-23
This financial services firm’s partnership with Black Duck helped achieve effective and long-term risk and cost reduction. By protecting business-critical applications, Continuous Dynamic™ empowers this organization to secure its digital future.
This financial organization is one of the largest online brokers in the U.S., so application security is a top priority. It needed to improve the security of its business-critical applications and identify vulnerabilities, such as those that would provide the ability to access other users’ account information, access other users’ message attachments, access admin functionality without admin-level access, and access authenticated functionality without a valid authenticated session. It also needed faster and more accurate remediation to ensure security assurance and risk compliance.
The organization chose Continuous Dynamic from Black Duck and has been using it for more than eight years to continuously analyze its most critical applications. Automation, easy integrations, accuracy of findings, and on-demand security testing expertise have helped mitigate issues in production. In addition, in-depth manual penetration testing of the application layer has been highly effective in finding complex business logic vulnerabilities that cannot be discovered by scanners alone.
Continuous Dynamic provides industry-proven web application security for modern and traditional websites, web applications, and frameworks.
Continuous Dynamic enables the development team to assess applications in preproduction and production environments, so they can view vulnerabilities in a larger, more accurate context. Comprehensive and continuous scans find runtime vulnerabilities that are tough to spot through source code analysis alone. And Black Duck security experts serve as an extension of the development and security teams by verifying results and eliminating false positives—over 9,500 since 2015.
Business logic assessments (BLAs) are manual assessments performed by security engineers to look for application vulnerabilities that cannot be effectively found in an automated fashion. For development and security teams, BLAs complement the automated testing of Continuous Dynamic and help ensure regulatory compliance. These vulnerabilities include cross-site scripting, fingerprinting, content spoofing, cross-site request forgery, URL redirector abuse, brute force, and more.
More than 22% of the total vulnerabilities found were detected through the BLAs. Around 80% of the vulnerabilities found through BLAs had a Critical to Medium rating.
Collaborating closely with Black Duck threat intelligence experts, the organization’s security team is able to identify real-time threats faster and share their findings with others in the organization.
Integration with issue-tracking systems such as Jira enables the development team to deliver secure applications at the speed of development. As vulnerabilities are discovered in Continuous Dynamic, they are pulled into Jira to help ensure faster remediation. As vulnerabilities are retested, the integration allows developers to use Continuous Dynamic's Ask A Question feature directly from the issue in Jira.
The Continuous Dynamic dashboard and reports provide critical insights to the security team, enabling them to better understand security risks, prioritize remediation for critical vulnerabilities, and evaluate the results of the application security program. An overview of status, risks, and trends empowers managers, improves decision-making, and ensures that high-priority vulnerabilities are remediated. And expanded visibility across the entire application security program enables the security team to better manage risks and reduce exposure to data breaches.
The Black Duck support team helps align people, processes, and technology to achieve operational readiness. Working closely with the security and development teams in managing support services, vulnerabilities review, and more has ensured rapid problem resolution.
