(WEB) APPLICATION SECURITY AND SECURITY IN SOFTWARE DEVELOPMENT
IT security is becoming more and more important: at ever shorter intervals, the media report on spectacular cases of IT security vulnerabilities and their effects. This is due to the increased attention to the topic and its growing importance.
We see two trends on the market that increase the risk potential for applications. As part of digitisation, more and more processes are continuously automated and integrated with each other. This means that more and more systems are reachable via the network, and sensitive procedures like payments and credits are carried out online. For hackers and criminals, this provides new targets and access possibilities. Additionally, attackers are becoming more and more professional. They have commercial interests like blackmail or industrial espionage, or they want to damage the company through sabotage or the publication of data.
The relationship between attackers and software providers is always a race. We help you stay one step ahead in terms of IT security and cyber security.
IT SECURITY ALREADY BEGINS DURING THE CREATION OF SOFTWARE
IT security is a critical quality aspect alongside functionality and other non-functional requirements like usability, reliability, efficiency and maintainability. As with all quality aspects, security is created during the development process (“Security by Design”) and cannot be “tested in” afterwards. Design decisions can barely be adjusted in hindsight, and a view from a distance doesn’t uncover all security problems. A pentest at the end of system development is, therefore, a sensible measure, but not sufficient on its own.
For this very reason, we recommend starting with software development itself. IT security must be a topic in the entire development cycle, from the requirements and (agile) implementation to testing and support in production operation.
OUR SERVICE PORTFOLIO IN THE AREA OF IT SECURITY
WE GLADLY SUPPORT YOU WITH THE FOLLOWING TOPICS:
Audit of development procedures
- With the participation of your specialists, we look at the procedures for software development using the Secure Software Development Lifecycle Project (S-SDLC). We are also happy to support the practical implementation of a security-focused development process and the implementation of proposed measures.
Risk analysis / Threat Modeling
- Do you know what level of protection you need for your applications and systems? And how do you achieve this level?
- Together with your experts, we analyse the threat scenarios and required protection needs of your software.
Review, Analysis and Evaluation of Code
- With regard to IT security in your projects.
- Together with your developers, we carry out static and dynamic code analyses and give you concrete advice on how to improve the level of protection.
Training & Coaching
- This includes our introductory courses "Information Security for Development Teams" and "Secure IT Architectures", as well as individual, customised training courses and the ongoing support of your development teams in practice.
- We offer this service together with a specialised partner company. Define the level of protection you need yourself - from script kiddie to industrial espionage.