NINDS OD Information Resource Management Branch

The National Institute of Neurological Disorders and Stroke (NINDS) Office of the Director (OD) Information Resource Management Branch (IRMB) supports an extensive portfolio of internally developed .NET and SharePoint-based web applications that provide the user community with a dynamic tool set to support grants management, financial management and administrative functions throughout the organization. To maintain agile and flexible development while keeping sensitive data and databases secure, LCG incorporated the IBM AppScan and AppScan Source vulnerability scanning tools within the development environment, giving developers a simple way to check for vulnerabilities and insecure code as they worked. AppScan modules were integrated into Visual Studio scanning tools, providing remediation techniques and best practices so codebases were secure BEFORE they went into pre-release and production phases. Incorporating security validation and scanning throughout the SDLC has kept security at the forefront of all development efforts and significantly reduced the attack footprint across the NINDS organization.