Daniel Securities, Ltd.


Software Security


Daniel Securities specializes in a unique, holistic approach to software security that helped develop the Secure Software Development Lifecycle (SDLC) more than a decade ago. This time-tested and proven method is more effective than other software security approaches. Our oldest operational system has been in use for more than twelve years and has never experienced a compromise or failure. No system developed using this approach is known to have experienced a compromise or failure. Our techniques have been used to secure software as diverse as:

 

Secure Software Development Lifecycle (SDLC)

The Secure Software Development Lifecycle is a method of software development that integrates software security into the very fabric of software development. When well executed, software security experts stay involved from the generation of requirements to the decommissioning of the system. Our experts will help your standard SDLC (regardless of the methodology you employ) meet any requirements, standards, guidelines, and laws for secure development. Our keen insight will prevent your software from being the cause of a compromise.

Source Code Review

Source code review is the identification of security flaws and functionality bugs during or after the primary phase of software development. This critical step must be conducted by experts who have security-specific knowledge and training to support the primary test and development staff. Our review methodology involves a mixture of automated and manual code review that delivers in-depth security analysis and remediation before an attacker can exploit vulnerabilities. During this process we find security flaws and also identify where algorithms and code can be enhanced to improve efficiency.

Source Code Audit

Source code auditing differs from source code review in that it looks specifically for code that violates coding guidelines, standards, or requirements. Auditing is a more targeted approach to the source code review process and is intended solely to maintain compliance with standards. Some example standards include:

  • DISA STIGs and Checklists
  • OWASP guidelines
  • MITRE and SANS guidelines
  • NIST guidelines
  • W3C standards
©2004-2024 Daniel Securities