SDL Tools Integration
Integrating any technical Secure Development solution into your existing business processes and practices can be difficult. GDS provides a flexible, tailored approach to assist organizations in making the most of their investment in automation.
Static Analysis allows us to examine large volumes of source code and evaluate them for the presence of security vulnerabilities. It is generally implemented as an automated solution supported by manual expertise, and GDS has experience in the planning, implementation, customization and rollout of Static Analysis tools. GDS is also partnered with the market leader in this space, Fortify Software, and can provide vendor-independent advice and expertise to make best use of your investment.
Regardless of what stage you are at, GDS can assist with the implementation or operation of a Static Analysis capability. Examples of the types of areas in which we can assist include:
Software Security Group (SSG) Resource
Deployment of a Static Analysis toolset will often require specialist skills, such as security source code review knowledge, to make the most effective use of it. GDS can provide these resources, either as a bridging measure together with developer mentoring while an organization builds its internal capability, or as an adjunct to your security team to provide specialist security code review skills.
Implementation of any Static Analysis toolset potentially requires changes to a number of business processes and practices across different areas of an organization. GDS can provide expertise and the experience of successfully deploying Static Analysis solutions at a number of different customers to plan and carry out your implementation.
Static Analysis can provide useful security insight from installation. However, to get the full value of this analysis approach, the toolset will need to be customized so that it is fully aware of the unique properties of your application architecture. Through discussion with application developers and architects, together with the development of custom rules and queries, GDS can help provide this deeper analysis and reveal additional security issues and insights.
Runtime Analysis allows us to conduct analysis on applications as they are running. This allows us to analyze the application within the context of the architecture and infrastructure that it runs in, and can provide valuable insight into the security of the application as a whole. GDS has experience in the implementation and deployment of solutions from HP and Fortify Software, providing an independent source of advice and expertise customized for your organization.
Examples of the areas in which GDS can assist with Runtime Analysis include:
Runtime Analysis as part of Software QA
Runtime Analysis can provide powerful insight into security issues when used as part of a software QA process. Deploying a software solution that highlights security issues during normal software QA testing can assist in detecting issues earlier in the software lifecycle, even in situations where QA staff are not themselves security aware, and ensure issues are addressed earlier.
Deploying Automated Application Scanning
The use of Runtime Analysis can provide automated security assurance over an organization's application inventory. This could include the use of automated web application scanning solutions as part of periodic security assessment, or as part of regular ongoing assessment activities on an organization's Internet-facing applications. GDS provides expertise with deploying solutions from HP, scaling from small development and security teams up to Fortune 500 organizations seeking to assess their Internet presence.
In addition to SDL Tools Integration, GDS offers the following related services: