Once the design of a system has reached a sufficient level of detail, it can be extremely valuable to perform a design review.
Also in existing systems it can be essential to look at the design with today’s security threats to know where additional mitigation measures are necessary to lower risks to your systems and data. The goal of Secura's Design Review is to identify security improvements that are applicable to the environment as early as possible, to prevent design decisions from turning into costly production changes, or disastrous data leaks.
In a design review Secura will review all available (relevant) design documentation and discuss this with your architect, technical owner and/or developers. The benefit of a design review is that the design can be verified against the information security policies (if available) and best practices of your organization.
When securing an application, system or the complete chain, it is important to know from which perspective threats arise and how a system can be attacked.
Threat Modeling can be very useful to stay in control of security, while still retaining the flexibility to improve and change. The big advantage of Secura's threat modeling is that the graphical representation of the (information flows within the) applications / systems can be used to detect and prevent security errors more quickly.
Threat Modeling gives a complete picture of the threats and possible attack paths. These attack paths can subsequently be used for instance to create efficient test scenarios, design adjustments or to define additional mitigating measures. Next to the result, the threat modeling workshop is a great way to raise security awareness and collaboration. This allows you to execute concrete next steps in improving security.
During a source code review, Secura's consultants assess the source code of your application. Through manual and systematic inspection they trace vulnerabilities and bugs in your software.
The major advantage of a code review is for you to know how safe your application is at a certain stage of its development, or what risks are inherent in continuing along a certain software track. A weakness in the source code does not necessarily mean an immediate danger to your IT security, but could cause a hole in your defences in the future if it is developed further.
Secura will record the outcomes of a code review in a clear report with recommendations you can employ in the next stages of your software development.