Applications are complex. Software development is complex. Understanding the situation is fundamental to application security.
There is a lot of pressure for companies to produce software applications that are “secure”. Software today is under the microscope of the users and any vulnerability found can be devastating to the company. Jardine Software Inc. has years of experience focusing on application security. We believe that security is not an additional feature, but a required core feature to all software.
A security review is a process to work with the security and development teams to understand the current application security practices. Once the initial baseline is established, recommendations are created to help identify what opportunities are available to mature the application security program.
It is recommended that the review is performed over a 30 day window to allow more time for discussion and analysis of the current program. The review consists of multiple sessions to gather information and discuss the program. The extended time frame relieves some of the pressure to get information in a day or two. It allows for minor delays to not impact the overall engagement.