What is the need for SDL?
Today, software applications are developed, deployed, improved and optimized to support business environments.
These applications control access to financial transactions, Personally Identifiable Information (PII), and
corporate information (trade secrets, IPR). Unfortunately, many organizations do not focus on risk management
within their SDLC and hence end up spending huge amounts of money on compliance, re-engineering and risk
mitigation by taking a reactive approach.
The Security Development Lifecycle (SDL) is the industry-leading and proven software security assurance process
created by Microsoft and has been effective since 2004.
Any software development organization can leverage the SDL to optimize its software security and lower its total
cost of development.
For more information on the SDL, please visit www.microsoft.com/sdl
What is the SDL Pro Network?
The SDL Pro Network is a group of security consultants, training companies, and tool providers that
specializes in application security and has substantial experience and expertise with the methodology and
technologies of the SDL.
Aujas, as part of the SDL Pro Network, provides a suite of services to clients for software security assurance.
The Aujas services suite adopts a distinctive and modular approach transforming your software development
lifecycle to an SDL by incorporating security controls in each phase. Our services recognize and avoid security
pitfalls during the development lifecycle and rectify security problems as they arise by:
Strategy and Design
Helps organizations classify and catalog applications according to the level of security assurance and thereby
focus the security effort.
- Application portfolio risk analysis
- Application security readiness assessment
- Security requirement definition
Secure Design, Architecture and Development
Verifies whether necessary security elements have been considered during the design phase through in-depth
software and architecture inspection and provides critical feedback for maximum security and privacy. Our services
also help organizations incorporate the proper and adequate configuration of software security controls in the
development lifecycle using secure coding guidelines, software implementation and peer code review.
Code Review, Testing and Release
Evaluates the application source code for common programming errors that lead to security vulnerabilities. By
combining automated and manual code reviews to identify vulnerabilities at the code level and trace them back to
architecture and design flaws, our services address and subsequently mitigate any glitches that may arise.
Our testing services include:
- In-depth inspection (automated/manual) of source code
- White box testing
- Grey box testing
- Black box testing
Aujas offers secure release to ensure that the application infrastructure is deployed securely, in addition
to enabling secure communication among various entities within the computing environment through field security
evaluation, software patch management and secure configuration assessment.
training that provides valuable coding tips to avoid vulnerabilities, software development resistant to
malicious attacks and examines the most common flaws of software design and implementation. Our services offer
substantial cost savings and time benefits through a course that covers:
- Introduction to Application Security
- Understanding Attack Vectors
- Secure Programming
- Knowledge Testing
For more information please contact us at firstname.lastname@example.org