Medium & Large Business

Assessment of the security characteristics of software systems at the levels of design and implementation

Despite sophisticated development methodologies, most software is developed on the basis of practices and standards that are not well attuned to meeting increased security requirements.  As a result, software is being built with exploitable code that could be hacked.

There is more information published about how to perform attacks at the software level that could put integrity, availability, confidentiality and privacy of the information at risk. OWASP has catalogued over 100 methods of application attack. In addition, organizations may have many applications in place and detecting as well as eliminating security vulnerabilities at the source code level has been costing and time consuming, increasing the risk that hidden issues go undetected.

Software security is an industry-wide challenge.  Software developers and their managers generally do not have an educational background in secure software architecture, secure software implementation practices, software security testing, or any of the other security-sensitive processes at each stage of the software development lifecycle.  Besides, QA and audit processes do not necessarily identify hidden and complex security vulnerabilities at the software code level.

Software and application security risks directly impact compliance with legislative and regulatory frameworks including SOX, Bill 198, NERC, and PCI, as well as representing potential immediate risk to the enterprise.

Key Benefits

TELUS Software Security Architecture and Source Code Reviews help you achieve the following objectives:

• Software code resistant to published and unpublished security vulnerabilities
• Software that safeguards customers’ information privacy
• Trained developers in code security deficiencies and remediation, reducing costs and time
• Software compliant with internal and external requirements

In addition, have access to unique expertise:

• Access to security experts who are the key providers of the intelligence put in the security tools that go to the market
• Research team that powers the products of 4 of the top 6 network based security vendors, and over 20 security product vendors
• Access to security experts who have worked on complex software security projects for security software product vendors,  financial systems vendors, and high tech manufacturers
• Access to highly experienced secure software practitioners who have developed software security testing tools