Software Security

Is a security audit part of your software development plan?

A typical software security analysis includes the following:

Review of Non-Functional Requirements

We examine your organization’s current set of security guidelines, security policies, coding standards, etc., including their rationale for inclusion. We make recommendations for further augmentation.

Code Review

We review the existing code with a focus on mitigating threats identified in the threat model. We pay specific attention to security anti-patterns and areas where code should be refactored to follow secure coding concepts. We use this information to offer suggestions for remediating security problems in existing code. We then give guidance regarding secure development best practices moving forward. In the absence of a threat model, we focus more on basic secure coding principles than on specific measures for identified threats.

Security Architecture Review

We review the overall system security architecture, including elements such as web servers, databases, middleware, and interfaces to other systems. When possible, we recommend changes based on threats identified in the threat model.

Review of the Working Set

We review the language, libraries, and tools used to develop your system, with particular attention to known outstanding vulnerabilities. When feasible, we recommend changes based on the risks present in each tool, followed by advice on mitigating any high-risk areas through software implementation. When possible, we identify tools that support mitigation of threats in the threat model.

Security Audit

Review of access controls and granted privileges, with an eye to ensuring best practices (e.g., least privilege).

Review of auditing and logging and their usage throughout the system. Recommendations for logging best practices are given to facilitate forensic analysis in the event of a security breach.

Review of data protection practices, specifically for data in motion over networks and at rest in databases. Recommendations are given for best practices, especially for conforming to legal and regulatory requirements as may arise from a review of governmental controls.

Site Acts has been designing and developing innovative custom software since 2002. We have built software for over 5000 clients from a diverse set of industries including education, aerospace, music technology, consumer electronics, entertainment, financial services, and more. Coding the impossible.