Secure Release

 

Overview

When new software is published, it is said to have undergone one full lifecycle of software development and release. New versions are released periodically either to fix bugs that were present in the previous version (and are still present in the software) or to introduce new features. Most of the time, however, the focus is on functional fixes and release deadlines. In such scenarios, security becomes a lower priority and insecure software gets shipped to the production environment. In the long run this approach may prove costly in terms of brand reputation or may have financial implications. Hence, just releasing the software version is not good enough. It is important that organizations "securely" release the software.

 

Why Aujas?

Aujas has been working with global clients to improve the security posture of their software. The secure development team at Aujas has transformed development lifecycles into secure development lifecycles, conducted code reviews and penetration testing, and has been involved right from the inception stage of software development.

 

Aujas Offering

Aujas will work with your software development team to ensure that, for every release of the software, its security aspects are dealt with by Aujas experts.

 

Requirements and Design Critique

In this phase we review the software requirements and the design documents. Based on the information gathered from these documents, threat modeling is performed to identify security threats to the software. Threat modeling helps in identifying design flaws in the software and also sets the base for the next set of reviews once the code / software is ready.

 

Code Reviews

In this phase we review the software code to identify security vulnerabilities. The threat modeling document is used as the basis for the code review. The software is reviewed to identify vulnerabilities that could help an attacker realize the listed threats. A combination of automated and manual review is performed to identify vulnerabilities.

 

Secure Release

Once the application moves to the UAT / pre-production phase, we will perform penetration tests on the software. This test is performed to ensure that all the vulnerabilities identified in earlier phases have been fixed. It also ensures that no new vulnerabilities were introduced during the software development process. A combination of automated and manual techniques is used to identify the vulnerabilities. All software should be released with the trusted model, whether to production servers or to the client. The trust level of the software is determined by the secure release process, using technologies such as signatures, strong naming and integrity verifiers.

 

Success Stories

Aujas helps a Leading Mobile Software provider with Mobile Security services

The client wanted to develop strong controls to test and validate the security posture of the application before it is deployed to UAT and production. Aujas was responsible for handling the security of the entire application stack, which is part of Risk Management, and for delivering Security Awareness Training to newly joined employees. The delivery model resulted in the implementation of strong controls before the software could be deployed.

 

Aujas provides Secure release services for a Leading Telecom software company based in India

The client was looking for a trusted and experienced business partner to work as their extended team to conduct security code review and security assessment, and to coordinate with the development team to fix security issues. Aujas proposed a delivery model to cater to ongoing testing requirements and also to handle sudden peaks in demand due to business reasons. Aujas assigned a full-time consultant onsite to handle day-to-day services.

 

Aujas Provides Security Assessment Service to a Technology Solutions Partner for global Manufacturing corporations

The client partners with global automotive and semiconductor corporations in bringing products faster to their target markets and endeavors to be #1 in IP-led Advanced Technology solutions for the automotive industry. Aujas carried out an Application Assessment for the DCMS application. The scope of the assessment was to find potential vulnerabilities in the applications and to recommend remediation for those vulnerabilities.