When away from home, would you leave your doors unlocked? Would you trust a thief with your wallet lying around? While the answers to these questions require little thought, many organizations overlook taking the same precautions with their most valuable assets – the software responsible for critical business operations. Insecure software presents attackers with an invitation to break into your network and steal immeasurable amounts of data: financial records, correspondence, customer databases, trade secrets, and employee lists, to name a few. In an age where the frequency and sophistication of attacks grow exponentially more intense over time, reactive security alone is no longer sufficient to adequately protect your information from compromise. To address this urgent concern, innovative firms such as Ciphent implemented a synthesis of information security and software development to proactively prevent intruders from breaching your infrastructure. The resulting concept – secure development – was designed to eliminate as many vulnerabilities, bugs, and defects as possible throughout the entire software development lifecycle.

Unfortunately, many organizations overlook the value of building security into their software during the development process. Given the relentless onslaught of attacks directed toward software, an ounce of prevention is worth a pound of cure. Statistically speaking, the time a software vulnerability is detected in the overall SDLC is directly proportional to the cost to repair the damage caused by that vulnerability. In other words, early detection equals cheaper cost. Other benefits of secure development include:

- Minimizing the chances of an attacker exposing software defects
- Increasing productivity which would have otherwise been spent fixing software defects
- Maintaining customer and employee loyalty
- Minimizing retroactive security costs after implementation
- Mitigating risk of media exposure due to a security breach
- Reducing liability for damages resulting from a security breach

Ciphent can help you enjoy these benefits by securely developing your software. Our methodology emphasizes security as a top priority rather than an afterthought. Hence, our methodology entails a comprehensive, end-to-end approach that integrates secure engineering, assessments, health checks, testing, and validation into the development process. The following describes at a high-level Ciphent’s approach to secure development

Ciphent’s Approach to Secure Development

1. Create a security baseline:
Identify possible threats through threat modeling
Perform a risk analysis
Research compliance regulations and security standards
Establish guidelines and rules
Create a security policy
Document security requirements and benchmarks to fulfill each requirement

2. Architectural and design:
Modeling
Identifying patterns
Architecture Review

3. Ensuring code is secure:
Examine weaknesses in code
Differentiating design from implementation
Employ cryptography

4. Test the software:
System testing
Benchmarking results
Install test hardware and software
Develop test bed scripts
Redefining test scripts
Documenting problems

5. Determining potential for breach and preparing for deployment:
Prioritizing risks
Addressing any new security issues
Educating staff and network engineers
Setting access control lists and file permissions
Setting appropriate configurations
Determining methods for progress monitoring