Software Security Assessments
Our Software Assessment services identify security vulnerabilities and threats, at any phase of development. For each, we'll focus on areas where your application is most at risk, report back issues found, and provide remediation advice.
A holistic assessment service consisting of assessment of SDLC process and practices, code security and threat modeling.
We vet the skills of our assessors to ensure you get the best advice that is appropriate, fit for purpose and fits the aims and objectives sought.
Consultants can implement recommendations and work with your team to transfer skills and knowledge enabling you to continue improvements.
Identifies the specific needs unique to your organisation, and how those needs can be addressed.
Identify Threats at any Development Phase
Our Software Assessment services identify security vulnerabilities and threats at any phase of development. For each, we'll focus on areas where your application is most at risk, report back issues found, and provide remediation advice.
Secure SDLC Optimisation
Whether you need to map application security to compliance mandates like PCI-DSS and governance standards, or simply want to integrate security into your existing software development lifecycle to reduce overall risk, we are the experts who can help.
Enterprise Application Portfolio Assessment
This service offers visibility into the state of application security across your organization. It comprises a risk-ranking exercise and the delivery of a risk-ranking and data classification framework for more informed planning.
Security Code Review
A Code Review analyses existing codebase and locates code constructs that lead to security vulnerabilities. The result is a detailed report outlining code issues, and suggested repairs for improved security - allowing teams to better understand problem areas of their code, prevent common logic errors, and other mistakes in the future.
Our expert security team employs a combination of static analysis tools and “eyes on” manual review to uncover the highest number of flaws possible - and provides remediation for those coding errors. Code reviews may be executed against applications written in C, C++ C#, Visual Basic, Visual Basic.NET, ABAP, and a myriad of web technologies including Ruby, PHP, AJAX, and Perl.
Threat Modeling is a key and often under-appreciated security analysis technique that Development, IT and Security teams use to identify critical risks and make better security decisions. Whether performed on an existing application or throughout the SDLC, it is the starting point in creating, deploying and maintaining secure software applications. Benefits include:
- Fast and practical - allows for many applications to be analyzed in a short period of time. Exposes REAL threats - not hypothetical or potential threats (very few or no false positives).
- Maps to each phase of the SDLC - drives design decisions, implementation guidelines, and testing activities.
- Produces a persistent and tangible asset - can be leveraged whenever new risks are uncovered.
Want to learn more about Assessment? Check out..