Security Design

The Security Design service offers comprehensive, customized protection for clients in both the digital and physical realms. Rather than merely implementing standard security measures, it focuses on identifying and reducing vulnerabilities from the early stages of the application lifecycle. The strategy is based on a detailed analysis of each client’s specific security needs and on the application of secure development best practices. This method allows Terishield to provide robust and reliable solutions, ensuring that security is an intrinsic and fundamental element of the clients’ infrastructures and applications, rather than just an added feature.

 

 

Threat Modelling and Security Requirements Identification

Threat Modelling and the identification of Security Requirements are two essential processes for the cybersecurity of any organization about to create software or an information system. This service focuses on determining and analysing potential threats that could impact an application or system in development. It uses internationally recognized methodologies such as STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) and PASTA (Process for Attack Simulation and Threat Analysis) to identify, quantify, and address threats that could turn into a risk for the organization. Once the project analysis is complete, possible Security Requirements that can mitigate or eliminate the identified threats are suggested.

This service closely aligns with the OWASP SAMM (Software Assurance Maturity Model) methodology. OWASP SAMM is a framework designed to help organizations formulate and implement a strategy for software security that is integrated into the secure development process.

Secure Coding & Manual Code Review

This service focuses on source code review to identify potential security vulnerabilities. It uses a combination of manual and automated techniques to examine the source code. This service is particularly useful for detecting vulnerabilities that are inserted into the application code while it is being developed and before it is released into the production environment, thus preventing them from being exploited by malicious actors.

For this service, Secure Coding and Code Review methodologies provided by OWASP are also used, ensuring complete coverage and reproducibility of test cases.

Complementary Consultations

Terishield offers a range of consultations related to digital and financial security. Many services are enhanced when integrated with others that are complementary or supplementary to them.

Software Development: To increase competitive advantage, Terishield utilizes CO-LABs, integrated teams that turn ideas into reality, and EASe, access to a broad pool of experts, to promote corporate innovation.
Training Grounds: Online training campus dedicated to both individuals and organizations.
All Rights Reserved 2024 © Terishield SA