Interested in secure software development in your organization? We offer several services: the Secure Software Assessment, Secure Software Coaching and Secure Software Training.
Traditional pentests are showing their limitations: resources are not spent in the most effective way. A lack of time or an insufficient understanding of the technologies used results in lower-quality pentests.
The Secure Software Assessment takes a different approach, based on the Framework Secure Software (see Resources). Instead of only looking at the running system, we look at requirements, architecture, code and tests to assess the system’s security. This will uncover many design weaknesses, business logic problems and secure coding mistakes that would have gone unnoticed in a traditional pentest. By working with the development team instead of against them, development expertise and security expertise are combined, resulting in a more effective assessment. This can be done without compromising the assessor’s independent position.
In addition, the software development process is reviewed to see whether secure software practices are embedded in the software development lifecycle and whether they can sufficiently guarantee a secure enough future version of the software.
The assessment can be executed in phases, so there is no need to wait for a working product to get started.
For more information, please contact Tim Hemel: services at securesoftware dot nl, or using the email link at the bottom of this page.
Is the development of secure software vital to your organization, but do you lack the expertise or resources in your development team? Then Secure Software Coaching may be an interesting approach to improve your team and secure your software at the same time.
Most secure software training programs focus on general programming frameworks and programming languages. While this works to learn the basics of secure programming, it will not provide the specific information that is needed for your particular situation. Secure software coaching can fill that gap. Together with the development team, the secure software coach helps the team advance and get the knowledge that is needed.
Most software developers have never learned about secure software development during their education, and if they did, chances are that what they have learned does not match today’s reality.
A two-day secure programming course is available at Security Academy.
If you need training on a specific topic, such as OWASP ASVS, threat modeling, Grip op SSD, browser security, or another topic, a custom training can be created.