PRODUCT SECURITY MANAGEMENT
In order to deliver this service we perform interviews and analysis to:
- Identify and understand of security requirements;
- Model threats and analyse risks;
- Develop a security architecture;
- Implement secure coding and testing of the application;
- Automate the security review of the source code;
- Define security controls for all stages of the software life cycle;
- Assure that the systems are built, distributed, deployed, used and disposed of securely.
SECURITY DEVOPS SERVICES
If you are especially concerned about the quality and security of your software releases and maintenance operations, you should consider using our Security DevOps (also referred to as DevSecOps) services, which provide a much more stringent security:
- Quality and Security Gate. This is a simplified express service especially suitable for multiple products. The security checks can be done for monthly product releases, for instance. To estimate the labor intensity of this service, we need from you the information about the technologies you use, the number of lines of source code, etc.
- Extended Product Security DevOps. This service is intended for deep comprehensive security testing and monitoring of your products. Especially if they face changes often, even daily. To estimate the labor intensity for this service, we need from you the information about the technologies you use, the number of lines of source code, number of weekly or monthly changes, etc.
- Express Security Operations Center (SOC). This service includes the implementation and/or maintenance of information security event monitoring and incident response processes and controls. We integrate security vulnerability and source code scanners into your infrastructure, configure the round-the-clock scanning and security incident response procedures. On demand, we configure a Security Information and Event Management (SIEM) system for your environment. We have a positive experience of relatively quick implementation of and effective results from the customized solutions based on Syslog-ng, Graylog, Wazuh, OSSEC, ElasticSearch, Logstash and Kibana. To estimate the labor intensity for this service, we need the details the infrastructure of your solution, services, API and support team.
To guarantee the best results, astarios strictly adheres to international standards, regulations and best practices (e.g. ISO 27034, ISO 15408, NIST 800-64, ISF SoGP, OWASP, Microsoft Security Development Lifecycle, Payment Application Data Security Standards, and others).