SDLC Review
Software applications, whether custom or purchased, provide access to
the core assets and processes within the organization. The Systems
Development Life Cycle Assessment will look at each stage of the SDLC to
ensure that unnecessary risks are not introduced into the business. Our
security specialists will then make recommendations to ensure that best
practices are met. Primary aspects of this phase will involve interviews
with key members of the development team and business sponsors, and a
review of any available artifacts such as requirements, designs, test
plans, etc. Halock will review applicable architecture and database
design, correlate vulnerabilities, and provide best practices training
and guidance for establishing and maintaining a secure SDLC. The SDLC
Assessment is best performed in conjunction with an Application Code Review.
Areas of Coverage
- Applicable regulatory requirements
- Security requirements, including misuse cases
- Traceability of requirements throughout the SDLC
- Use of appropriate identity and access management
- Proper use of session management
- Database security configuration
- Defensive coding techniques to prevent vulnerabilities
- Security validation techniques
- Appropriate use of automated testing tools (for load, function and security testing)
- Current assignments of security roles and responsibilities
- Adequate use of other best practices and standards
The SDLC Assessment will provide you with the advantage of understanding
the source of identified Web application vulnerabilities. You will
receive expert recommendations for remediation of identified
vulnerabilities and you will attain a better understanding of best
practices, methods and techniques to incorporate into the SDLC.