Secure Application Architecture and Design
Security problems become more expensive to remedy the later they are discovered in the development process. Taking security aspects into account during the design phase therefore prevents costly fixes later on.
Security Awareness Training
Making developers aware of security-related issues can prevent them from making mistakes that lead to security vulnerabilities. In a typical project, not every developer needs to be a security expert. The goal of developer security awareness training is that they are able to recognize when they are dealing with security-sensitive items and then seek advice from more knowledgeable colleagues, if necessary.
In our experience, example-based training is most effective, and we provide training material that is tailored to the customer's specific situation.
Application Vulnerability Assessments
We can provide tailor-made application vulnerability assessments, ranging from fully automatic scans to complete manual reviews. Automated tools tend to produce many false positives and are useful for finding only a small number of common problems ("low hanging fruit"). More elaborate manual probing is required for finding higher-level types of problems, such as application logic errors.
Source Code Reviews
While application vulnerability assessments can be useful for quickly finding some common problems, other categories of security problems can only be found with an analysis of the application source code. Typical examples of problems that can be found more quickly by reading the code include weak implementations of cryptography, time bombs and malicious backdoors.
Forensic Analysis
When a security incident has been detected, part of the remediation can be a forensic analysis of the compromised systems. We provide services for forensic analysis of suspect computer systems.
Malware Reverse Engineering
Sometimes unknown programs are detected as part of a forensic investigation. We provide services for reverse engineering unknown programs so that their workings and intended purpose can be discovered.