Secure Development

What is the need for SDL?

Today, software applications are developed, deployed, improved and optimized to support business environments. These applications control access to financial transactions, Personally Identifiable Information (PII), and corporate information (trade secrets, IPR). Unfortunately, many organizations do not focus on risk management within their SDLC and, by taking a reactive approach, end up spending huge amounts of money on compliance, re-engineering and risk mitigation.

 

The Security Development Lifecycle (SDL) is the industry-leading and proven software security assurance process created by Microsoft and has been effective since 2004.

 

Any software development organization can leverage the SDL to optimize its software security and lower its total cost of development.

 

For more information on the SDL, please visit www.microsoft.com/sdl

 

What is the SDL Pro Network?

The SDL Pro Network is a group of security consultants, training companies, and tool providers that specializes in application security and has substantial experience and expertise with the methodology and technologies of the SDL.

 

 

Aujas, as part of the SDL Pro Network, provides a suite of services to clients for software security assurance.

 

Aujas Services

The Aujas services suite adopts a distinctive and modular approach, transforming your software development lifecycle into an SDL by incorporating security controls in each phase. Our services recognize and avoid security pitfalls during the development lifecycle and rectify security problems as they arise through the following services:

 

Strategy and Design

Helps organizations classify and catalog applications according to the level of security assurance and thereby focus the security effort.

  • Application portfolio risk analysis
  • Application security readiness assessment
  • Security requirement definition

 

Secure Design, Architecture and Development

Verifies whether necessary security elements have been considered during the design phase through in-depth software and architecture inspection and provides critical feedback for maximum security and privacy. Our services also help organizations incorporate the proper and adequate configuration of software security controls in the development lifecycle using secure coding guidelines, software implementation and peer code review.

 

Code Review, Testing and Release

Evaluates the application source code for common programming errors that lead to security vulnerabilities. By combining automated and manual code reviews to identify vulnerabilities at the code level and trace them back to architecture and design flaws, our services address and subsequently mitigate any glitches that may arise. Our testing services include:

  • In-depth inspection (automated/manual) of source code
  • White box testing
  • Grey box testing
  • Black box testing

 

Aujas offers secure release to ensure that the application infrastructure is deployed securely, in addition to enabling secure communication among various entities within the computing environment through field security evaluation, software patch management and secure configuration assessment.

 

Education

Training that provides valuable coding tips to avoid vulnerabilities, teaches software development resistant to malicious attacks, and examines the most common flaws of software design and implementation. Our services offer substantial cost savings and time benefits through a course that covers:

  • Introduction to Application Security
  • Understanding Attack Vectors
  • Secure Programming
  • Knowledge Testing

 

For more information please contact us at contact@aujas.com