Product Security

Comsec Consulting has developed a systematic methodology, based on best practice methodologies and frameworks. Our comprehensive approach is tailored to the needs of your organization, and provides a wide range of services throughout all stages of a product's lifecycle.

The Challenge
What are security bugs costing your organization?
According to experts, most security defects are not likely to be found through traditional testing processes. Analysis of documented security incidents and vulnerability trends in commercial off-the-shelf (COTS) products shows that most vulnerabilities (95% according to one survey) originate from non-secure development practices. In the case of a software or product vendor, the potential impact directly affects sales volume and competitive advantage.

Our Approach
With over 25 years of experience, Comsec Consulting has developed a systematic methodology, based on best practice methodologies and frameworks, including OWASP, OSSTMM, SANS, NIST, ISO 27001 and others. Our comprehensive approach is tailored to the needs of your organization, systems, classifications and technologies in use. Our approach enables organizations to measure performance and identify potential improvements to the product security lifecycle process.

Product Security Services
Comsec provides a wide range of services to accompany your organization throughout all stages of the product development lifecycle, as well as customized services as required. Standard services include:

• Product Security Policy & Procedures Formulation
• Complete Product Security Review
• Secure Architecture Analysis & Threat Modeling
• Product Security Design Evaluation
• Penetration Testing
• Security Code Review (CoDefend)
• Secure Coding Guidelines for Developers
• Security Training and Awareness sessions for Developers
• Secure Design and Coding Consulting
• Gap Analysis to Security Standards / Specifications
• Third Party Security Analysis
• Building Customized Organizational Product Security Development Lifecycle process

Furthermore, Comsec has special expertise in securing:
• Internet-facing Web Sites & Services
• Financial Core applications (e.g. e-Banking, Online Trading)
• PCI related applications (e.g. Payment Gateways, Payment terminals)
• Mobile Applications (covering Android, iOS and J2ME)
• Core business applications (e.g. ERP, CRM, EBPP, Billing)
• Core applicative infrastructure (e.g. SOA, Middleware, DW, Databases)
• Security related applications and products

Product Security Framework