Application Security is the fastest-growing discipline of Information Assurance, and rightfully so. Assessments are critical in identifying gaps and areas for improvement. For any new application or system, it is far more feasible to include security considerations during key points of the Software Development Life Cycle (SDLC) – primarily to ensure that proper security controls have been included in the design from the outset, and to also avoid costly and inconvenient retro-fitting of security controls after the software has been launched in the market.
CyberShelter’s SDLC Assessment service offering is built upon the widely accepted five phases of the software development life cycle:
Cyber Shelter's SDLC assessment process
Our assessments are based on security industry best practices drawn from a number of industry sources, including the ISO 27002, NIST-800, ITIL, IWASP frameworks, as well as CyberShelter’s own extensive database of customer secure development lifecycle engagements. This will help to determine the gap between what you are doing now and industry best practices in each area. We identify key points within the process to integrate new or refine existing security activities. We use your goals and key risks to analyze the results of our gap analysis and prioritize the areas most in need of augmentation based on practical and proven IT risk and cost/benefit considerations. This is followed by the creation of a roadmap and program of change that includes recommendations and sequencing- giving your development teams a repeatable and effective process that incorporates security at each phase of the software development lifecycle.
CyberShelter has always striven to be on the front lines of the Application Security battle. This is precisely why our service offering has been meticulously crafted to enable our clients to implement their Secure SDLC right the first time, and thus bridge the gap between their current and desired software development practices, improve development efficiencies and enhance productivity.