The Source Code Security Audit

A source code security audit identifies security vulnerabilities in the design, development and implementation of an application's source code early enough in the application lifecycle that they can be corrected before the application is exposed to those vulnerabilities. eWebStudy is a trusted partner in the process of applying security metrics to pre-deployment applications.

The eWebStudy Source Code Security Audit addresses the following technology challenges:

  • Minimize amount of security vulnerabilities in developed or integrated software solutions;
  • Protect Intellectual Property (IP) contained within developed software solutions;
  • Minimize STRIDE threats (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege).

Our clients usually seek this service under the following circumstances:

  • Software solution already exists (released or about to be released);
  • A security issue was discovered and/or exposed to the public;
  • Lack of internal expertise and/or resources to perform source code security audit;
  • Compliance requirement of external audit.

The service typically results in the following additional work:

  • Software Security Training;
  • Ongoing Security Advisory Consulting for Development teams;
  • Implementation of fixes for identified security issues.

eWebStudy provides complete source code security audit services, allowing clients to evaluate their existing level of application security and to define a strategy for mitigating the identified risks. The audit consists of the following steps:

  • Security risk assessment and analysis;
  • Manual and automated source code review;
  • Identified risks mitigation strategy definition;
  • Implementation advisory for development teams.

Other Aspects of the Source Code Audit

The security risk assessment and analysis step is performed to identify the risks affecting the system and to understand the attack surface, the types of technologies used, external dependencies and other factors important for risk analysis and for the subsequent steps. As part of this step, threat modeling is used to identify which parts of the software require the most attention from a security point of view, and the result is used to structure the source code review process. This has proven to be an efficient technique, especially for large systems consisting of hundreds of thousands of lines of code or more.

During the manual and automated source code review step, the application is validated against the most common threats and attack types, including the various injection types, buffer overflows, undocumented public interfaces and others. All identified issues are classified according to established severity rankings and then prioritized.

During the identified risks mitigation strategy definition step, the security advisors at eWebStudy define the best way to mitigate the most important issues. In many cases, the capability to change the architecture of the system is limited and such changes may be very expensive. In that case the mitigation strategy includes alternatives that are easier to implement and deploy.

eWebStudy provides implementation advisory for development teams in order to ensure proper implementation of the suggested risk mitigation strategy. A security advisor is assigned and made available to the client’s development team. The advisor’s role is to ensure that each software engineer involved in resolving the identified security issues receives the knowledge and advice required to implement the corrections. The implementation is then reviewed for final validation.

As an alternative to the advisory step for the client’s development teams described above, eWebStudy can implement the strategy on the client’s behalf through its specialized Technology Delivery Services if the client does not wish to use internal resources or an existing development vendor for this work.

To inquire about adding our specialized security services to your IT project team, contact us as soon as possible.