Security Engineering | Blaze

Security engineering

Day-one security for your software projects

Security Development Lifecycle

2-4 engineers
4-8 weeks (est.)

Security Development Lifecycle is the process of embedding security best practices into the foundation of the software engineering process. Depending on your preferred methodology, whether Waterfall, Agile or DevOps, we will advise you on the most suitable approach to develop software securely.

Early in the project, Blaze advises customers on building security into every element of the project through activities such as: definition of the security requirements and objectives, design review, threat modeling, source code analysis, penetration testing at each major release, fuzz testing, secure programming guidance, and more.

The activities carried out during SDLC projects aim to reduce the attack surface exposed by the project and its systems, strengthening their confidentiality, integrity and availability. This reduces the opportunities for fraud and the future maintenance cost of correcting defects that originate from security flaws.

Threat Modeling and Design Assessments

1 engineer
1-3 weeks (est.)

Threat modeling aims to identify, communicate and understand threats, and their respective mitigations, within the context under scope.

Threat modeling can be applied to software, apps, systems, networks, distributed systems, IoT, business processes, etc. The main idea is to analyze the target and attempt to anticipate all associated risks in order to mitigate or remediate them.

Threat modeling can be performed at any stage of development but preferably as early as possible.

Source Code Review

1-2 engineers
1-4 weeks (est.)

Software vulnerabilities often originate in the source code. Our experienced consultants perform code review of software written in popular languages such as Java, Ruby, Python, C/C++, PHP, ASP.NET and C#.NET, as well as less common ones such as Solidity, for smart contracts and blockchain applications.

The review combines code scanning with security-focused static analysis tools and hands-on expert manual code review to identify vulnerabilities and design errors that can pose a serious risk to the application.

The final deliverable is a description of all issues discovered, along with guidance for your development team on how to fix the identified vulnerabilities and how to prevent similar design and implementation mistakes in the future.
