Software Security

Comsec Consulting has developed a systematic methodology, based on best practice methodologies and frameworks. Our comprehensive approach is tailored to the needs of your organization, and provides a wide range of services throughout all stages of an application's lifecycle.

The Challenge
What are security bugs costing your organization?
Security testing alone is not the most effective way of detecting flaws in your application. Analysis of documented security incidents and attacks shows that most vulnerabilities (95% according to one survey) originate from non-secure development practices, both in standard off-the-shelf packages and in custom-developed software.

Our Approach
With over 25 years of experience, Comsec Consulting has developed a systematic methodology, based on best practice methodologies and frameworks, including OWASP, OSSTMM, SANS, NIST, ISO 27001 and others. Our comprehensive approach is tailored to the needs of your organization, systems, classifications and technologies in use. Our approach enables organizations to measure performance and identify potential improvements to the software security lifecycle process.

Software Security Services
Comsec provides a wide range of services that can accompany your organization throughout all stages of an application's lifecycle, as well as customized services as required. Standard services include:
• Application / Product Security Policy & Procedures Formulation
• Complete Application Security Review
• Secure Architecture Analysis & Threat Modeling
• Application Security Design Evaluation
• Application-oriented Penetration Testing
• Security Code Review (CoDefend)
• Secure Coding Guidelines for developers
• Security Training and Awareness sessions for developers
• Secure Design and Coding Consulting
• Gap Analysis to Security Standards / Specifications
• 3rd Party Product Security Analysis
• Building Customized Organizational SDLP (Secure Software Development Lifecycle Process)

Furthermore, Comsec has special expertise in securing:
• Internet-facing Web Sites & Services
• Financial core applications (e.g. e-Banking, Online Trading)
• PCI related applications (e.g. Payment Gateways, Payment terminals)
• Mobile Applications (covering Android, iOS and J2ME)
• Core business applications (e.g. ERP, CRM, EBPP, Billing)
• Core applicative infrastructure (e.g. SOA, Middleware, DW, Databases)
• 3rd Party applications / components review
