Secure Application Development & Review

Secure Software Application


Secure Software Application Development is the next touchstone in Cyber Security. Organizations are realizing that they must develop and deploy Software Applications into a market that is fraught with risk, both from attackers and to their own reputation.

Software Applications are coming under more scrutiny from Federal and State Legislatures, Regulators, and private Industry Leaders such as MasterCard and Visa. Organizations must follow a specific set of guidelines for the design, development, and deployment of their Software.

RSC Cyber Security Engineers have developed a Secure Software Application Development methodology and Review process to help Organizations build secure Software of their own and/or ensure that the Software Applications they use are secure.

At RSC, we believe in a hands-on approach. There are many tools that will scan software applications and source code for vulnerabilities. However, human review is what is required to weed out the false positives and to truly understand what the Software Developers were attempting to achieve with their program.

We have over 30 years of experience developing Software Applications on a myriad of platforms. Our Cyber Security Engineers can help take your Organization to the next level, securely!

Secure Code Review

RSC Security Engineers will place the application in a runtime container that simulates the target deployment environment of the software application. All testing will be accomplished within this environment.

Both automated and manual processes will be utilized to test the application. Special emphasis is placed on: Authentication, Access, and Authorization; Encryption; Memory access; Disk/Storage access; and the least privileges the application requires from the Operating System.

Note: the primary focus of this process is not code structure or development language nuances.

Secure Code Review Specifications:

  1. Identification and setup of the runtime environment. All Software Applications are tested within the RSC lab. Test container and results will be delivered to the Customer upon completion.
  2. Manual Code Review Analysis to discover common secure coding errors and compilation warnings/errors.
  3. Automated Source Code and Executable scans. RSC Engineers will manually review all reported vulnerabilities to resolve all false-positive results.
  4. RSC Cyber Security Engineers will execute input testing on all identified User input areas.
  5. The Software Application will be profiled for Network, CPU, Disk, and Memory usage. Runtime Analysis of the application will be conducted during this phase.
  6. All discovered and validated Vulnerabilities will be reported to the Customer and, where possible, with recommendations for remediation. All Vulnerabilities are tracked using RSC's Deficiency Waiver system. All Waivers are given an expected time of resolution.
  7. RSC Cyber Security Engineers will validate all "Fixes" applied by the Customer. Upon validation, a final report and grade will be rendered for the Software Application. The RSC Cyber Security Engineer will also checksum and cryptographically sign the released build so that any modification made after the Software Application has been released can be detected. Upon Customer request, Source Code comparisons will be stored for an agreed upon time period.

A Secure Code Review can be a stressful time for Application Software Developers and Information Technology Administrators. RSC will work with your team to ensure that this process goes as smoothly as possible. Our Cyber Security Engineer(s) will make themselves available to answer any question or clarify review statements and procedures.
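Step 7 of the specification above says the accepted build is checksummed and keyed so that post-release modification can be detected. The following is an added example of how that release seal works; it is not RSC's own tooling, and the page does not name algorithms, so SHA-256 for the checksum and Ed25519 for the signature are assumptions. The reviewer hashes the validated artifact, signs the hash, and hands the record back with the final report; anyone deploying the build later recomputes the hash and checks it against the signed record. The artifact bytes here are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ReleaseRecord is what the reviewer delivers with the final report:
// the SHA-256 of the accepted build, a signature over that digest, and
// the reviewer's public key so the customer can verify independently.
type ReleaseRecord struct {
	SHA256    string // hex-encoded digest of the accepted artifact
	Signature []byte // Ed25519 signature over the raw digest bytes
	PublicKey ed25519.PublicKey
}

// NewReviewerKey generates the reviewer's signing key pair (assumed Ed25519).
func NewReviewerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Digest returns the hex SHA-256 of an artifact.
func Digest(artifact []byte) string {
	sum := sha256.Sum256(artifact)
	return hex.EncodeToString(sum[:])
}

// SealRelease records the digest of the validated build and signs it with
// the reviewer's private key. This is the "checksum and key" step.
func SealRelease(artifact []byte, priv ed25519.PrivateKey) ReleaseRecord {
	sum := sha256.Sum256(artifact)
	return ReleaseRecord{
		SHA256:    hex.EncodeToString(sum[:]),
		Signature: ed25519.Sign(priv, sum[:]),
		PublicKey: priv.Public().(ed25519.PublicKey),
	}
}

// VerifyRelease checks a deployed artifact against the sealed record.
// The signature is checked first, so a record that was rewritten to match
// a modified binary is rejected even though its checksum is self-consistent;
// only then is the artifact compared to the recorded digest.
func VerifyRelease(artifact []byte, rec ReleaseRecord) error {
	recorded, err := hex.DecodeString(rec.SHA256)
	if err != nil || len(recorded) != sha256.Size {
		return errors.New("release record is malformed")
	}
	if !ed25519.Verify(rec.PublicKey, recorded, rec.Signature) {
		return errors.New("signature invalid: record was not issued by the reviewer")
	}
	actual := sha256.Sum256(artifact)
	if hex.EncodeToString(actual[:]) != rec.SHA256 {
		return errors.New("checksum mismatch: artifact differs from the reviewed build")
	}
	return nil
}

func main() {
	_, priv, err := NewReviewerKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample artifact standing in for the accepted build.
	accepted := []byte("app-1.0.0 release binary")
	rec := SealRelease(accepted, priv)
	fmt.Println("sealed:", rec.SHA256)

	fmt.Println("unmodified build:", VerifyRelease(accepted, rec))

	// A byte changed after release: checksum no longer matches.
	patched := []byte("app-1.0.0 release binary, patched")
	fmt.Println("patched build:", VerifyRelease(patched, rec))

	// Attacker also rewrites the checksum in the record to match: the
	// reviewer's signature no longer covers it, so it is still rejected.
	forged := rec
	forged.SHA256 = Digest(patched)
	fmt.Println("patched build + forged record:", VerifyRelease(patched, forged))
}
```

The public key must reach the customer over a channel separate from the record itself (for example in the signed final report), otherwise an attacker who can replace the binary and record could replace the key as well.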

Identity Management Architecture

One of the most difficult areas to review and implement is Identity Management, especially for secure Single Sign-on solutions. A variety of software packages are available to provide federated and open-standards identity management.

RSC Cyber Security Engineers can help your Information Technology Team to Design, Develop, Implement, and Maintain an Identity Management System that fits your Organizational Requirement and Corporate Culture.

Identity Management Architecture Specifications:

  1. A review of the Customer's current Computing Environments and existing Authentication, Access, and Authorization software components.
  2. RSC Cyber Security Engineers will review with the Customer the options available based on Customer and Regulatory requirements. The result of this effort will be a detailed plan that encompasses User Management, Federated Services, Key Management, and Third Party Access.
  3. If Third Party access is required, RSC Cyber Security Engineers will develop an accountability and audit plan in coordination with the Customer.
  4. Upon successful implementation of the Identity Management System, RSC will develop a maintenance plan for the continued success of the system for the Customer. This plan is often overlooked but is critical to the ongoing effectiveness of the Identity Management System.

Identity Management is a key component of Software Application Security. Many Organizations are subject to a Regulatory Requirement to implement an Identity Management System governing access to and control of all Software Applications.

RSC can help your Organization successfully implement and maintain such a system.
