Application Security: as the consumption of "apps" grows exponentially, so do the potential risks.

FOXMOLE takes a comprehensive view of the software development process, reviewing current client practices and demonstrating how to create a Secure Development Lifecycle from the outset, with security considerations "designed in", not left as an afterthought. Learning by doing is fostered via Secure Coding Workshops, where developers can learn the core principles essential for building robust applications.

FOXMOLE also offers Architecture Reviews, during which an enterprise-wide view of the software development methodology is taken and recommendations are made. The insights shared after these reviews help create sustainable improvements in de-risking the creation of both core customer-facing and internal applications. In parallel with these reviews, FOXMOLE can also undertake a Threat Analysis, which identifies the severity of potential threats and their overall significance, coupled with recommended remediation actions to prevent these threats from becoming a reality.

A core service FOXMOLE provides is a Source Code Audit (or Source Code Review), the systematic examination of source code by independent experts.

FOXMOLE distinguishes between three types of source code audits:

  • Formal Code-Review
  • Lightweight-Code-Review
  • Pair-Programming

Formal source code reviews require a complex process with various iterations. In this process the code is systematically examined using various formal methods. Although this sophisticated review is well suited to identifying vulnerabilities, it is very complicated. It is not always feasible for major software projects.

Lightweight code reviews favour efficiency over formal methods. The main reason for the increased simplicity of this process is the experience of the review expert.

In pair-programming (also known as extreme programming), two developers work on the same workstation. The work is divided so that one developer programs while the other observes. This method is used to share expert knowledge within the development team. Obvious mistakes are immediately identified and avoided.

FOXMOLE does not offer 100% automated testing using conventional analysis tools, as this is insufficient for professional risk management. The objectives and benefits of a code audit include:

  • Increased security on an organisational level
  • Increased security on a technical level
  • Detection of critical security vulnerabilities
  • Identification of design and programming errors
  • Expansion of expertise for existing development projects

As the DevOps methodology has become increasingly adopted, so has the concept of DevOpsSec, a recognition of the importance security plays in the software development process. FOXMOLE delivers enduring improvements that help clients minimise the risks to their reputations when delivering major new apps and launching new products and services.


Contact Us

Please call +49 6151 86086-277 (Germany office hours)
or email: info@foxmole.com