Problem:

Security risks have moved beyond the network and operating systems and are more significant in the application and access to data through applications. Finding and fixing security problems early in the development cycle is more efficient and cost effective than testing after the application goes into production. Yet many companies conduct security risk test for functional requirements in application testing. Security vulnerabilities can be identified early in the development phase through a structured approach.

Solution:

We review your current application usage, goals for developing new applications, whether in-house or off the shelf and develop a security strategy. An analysis of what information you plan to store on systems is conducted, review requirements to access information and what controls should be in place over application and data provisioning. Key aspects of application security risk assessment / reviews include:

· Analysis of data access requirements

· Understand the business requirements of the applications and how to meet the security risk goals of organization

· Conduct a threat analysis of points of weakness in the current SDLC

· Conduct risk analysis and business impact analysis of application weaknesses

· Implementing security risk into the current SDLC

· Analysis and assessment of tools needed to ensure secure code development

· Analyze training regime for secure application development

· Develop a threat analysis and monitoring solution for application security

· Develop policies to address future security risk to applications

How the Process Works

We interview your IT staff, application development staff and security staff about what security measures are taken during the SDLC. We do assessment and make recommendations on how the development process can be enhanced based on industry best practices for secure software development and provide a new framework that can be followed for future development.