Biztonságos szoftverfejlesztés

Services

Secure Software Development

Cyber Risk Services

Organisations store sensitive information to a large extent in custom developed applications designed and developed specifically for this purpose. Due to their nature security should be a crucial aspect of these applications and should be included in the software development life cycle.

Challenges

  • Due to the rapid changes in the business environment, emphasis is on functionality development, not on security.
  • Developing secure software needs special knowledge, tools and methodologies. Developers often lack this expertise.
  • Security is often only thought of after breaches and attacks are detected.

Deloitte approach

The Deloitte approach focuses on embedding security in all phases of the development process:

  • Analyse the current process against best-practices for secure software development.
  • Define an updated process which includes security in all phases of the development: design, implementation, testing and operation.
  • Assist the organisation in developing methodologies, templates, test-plans to implement the secure
    software development process.
  • Deliver training to personnel involved in software development.
  • Enable organisations to ensure that 3rd party developments meet their requirements by implementing guidelines, assessment methodologies and processes.

Deloitte services

  • Periodic training of developers on common security vulnerabilities, developer best practices and testing techniques.
  • Definition of explicit security requirements based on relevant risks to the application.
  • Measurement methodology on how security requirements were implemented in the application and how they have been tested.
  • Definition of test-cases specifically to test the security of the application.
  • Periodic security monitoring of the applications and any third party components for vulnerabilities after deployment.

Why Deloitte?

  • Readily available methodologies for secure software development, including regulations, guidelines and assessment tools.
  • Qualified team not only with deep understanding of security, but with experience in software development and testing.
  • Complete service offering with support from design though implementation and testing to operation.