Design and develop secure applications from the very start of their life cycle.

In general, many applications are built properly from an architectural standpoint yet still have security issues. Developers and testers tend to focus on the required functions and their correct operation, and overlook that a security solution bolted on in the final stage of development can cause considerable losses.
If security is not an integral part of the SDLC (Software Development Life Cycle), omissions and security holes are the usual result. Moreover, the development process itself is often not secure, because developers are frequently assigned no obligations or responsibilities for protecting the code they create.

That is why AEC, the security division of Cleverlance, has put together a comprehensive security solution: a set of measures and methods that keep software secure for its entire life cycle, the Security Development LifeCycle (SDLC). Thanks to our long-time experience in security we can also offer an extensive portfolio of related products and services. In software development we therefore use risk analysis, threat models, security documentation, business continuity management and the Web Application Firewall.

  • Rectifying security errors in the analysis phase is 100 times less expensive than correcting them in the completed software (Fortify Software analysis).
  • Lower TCO (Total Cost of Ownership) and higher ROI (Return On Investment) – for instance correcting a mere 50% of vulnerabilities before the application's launch into production means 75% lower costs (Gartner Group analysis).
  • Unique methodologies owing to tight cooperation between the team of security specialists and team of developers.
  • An unrivalled, large team of certified specialists for various platforms (J2EE, .NET, Oracle), with full substitutability between team members.
  • Many years of experience with front-end application security.
  • Reduction of operating risks and strengthening of the company's good name.


Security Software Development LifeCycle is an elaborated procedure that helps secure software from the very beginning of its development up to the point where it goes live, i.e. throughout its whole life cycle. Such software is better able to resist attacks because of its clear security structure. The SDLC saves the organization's resources simply by requiring fewer security interventions and security patches. We can say that the SDLC is the best prevention for protecting both the software and the good name of the organization.

According to Gartner, 80% of all successful attacks are carried out through web applications. And according to Forrester, 36% of customers do not make use of services provided by web applications due to concerns of whether they are safe.

Security aspects take on even greater importance as applications increasingly move to the Internet, both in how they communicate and in where they are physically hosted. To create the most secure application, security must be taken into consideration in each phase of the development cycle. Above all, security must be understood as a process and approached as such during development; for instance, a comprehensive methodology should be available to guide the implementation of security into the application being developed.

Our specialists can provide an organization with effective assistance, especially in creating its own methodology for developing software. This methodology contains security mechanisms applicable to all phases of the development cycle – from the initial analysis and definition of (security) requirements, through implementation, to testing and the launch of the application into operation.

The following standards and other materials can be used as a gauge in introducing security into development:

  • ISO/IEC 27000 series (ISO/IEC 27034 – Guidelines for application security);
  • Common Criteria (ISO/IEC 15408);
  • NIST: FIPS 200,
    - SP 800-64 - Security Considerations in the System Development Life Cycle,
    - SP 800-53 - Recommended Security Controls for Federal Information Systems and Organizations;
  • OWASP;
  • CLASP (Comprehensive, Lightweight Application Security Process).

The main benefit of this service is the development and production of secure software. The resulting methodology always defines the specific processes and principles whose introduction into the developed applications significantly reduces the risk of vulnerabilities and security weaknesses.

Cleverlance ensures that security is part of application development:

  • from the analytical phase,
  • customized to the organization’s specific requirements and methodologies,
  • based on the generally acknowledged methodologies of NIST, OWASP and ISO/OSI.


The solution is beneficial for:

  • applications developed in your company,
  • supplied applications.

More information on secure software development can be found on the website of AEC (a division of Cleverlance).