FOXMOLE also offers Architecture Reviews, during which an enterprise-wide view of the software development methodology is taken and recommendations are made. The insights shared after these reviews help create sustainable improvements in de-risking the creation of both core customer-facing and internal applications. In parallel with these reviews, FOXMOLE can also undertake a Threat Analysis that identifies the severity of potential threats and their overall significance, coupled with recommended remediation actions to prevent these threats becoming a reality.
A core service FOXMOLE provides is a Source Code Audit (or Source Code Review), the systematic examination of source code by independent experts.
FOXMOLE distinguishes between three types of source code audits:
Formal source code reviews require a complex process with various iterations. In this process the code is systematically examined using various formal methods. Although this sophisticated review is well suited to identifying vulnerabilities, it is very complicated. It is not always feasible for major software projects.
Lightweight code reviews favour efficiency over formal methods. The main reason for the increased simplicity of this process is the experience of the review expert.
In pair-programming (also known as extreme programming), two developers work on the same workstation. The work is divided so that one developer programs while the other observes. This method is used to share expert knowledge within the development team. Obvious mistakes are immediately identified and avoided.
FOXMOLE does not offer 100% automated testing using conventional analysis tools, as this is insufficient for professional risk management. The objectives and benefits of a code audit include:
As the DevOps methodology has become increasingly adopted, so has the concept of DevOpsSec, a recognition of the importance security plays in the software development process. FOXMOLE delivers enduring improvements that help clients minimise the risks to their reputations when delivering major new apps and launching new products and services.