Security Consulting

As your security partner, we support you in securing your systems and products. Our 'Security Testing Process', with its 5 methods, goes far beyond classical penetration testing and helps you secure your systems in all phases of software development.

The core of our service offering is a tool-supported, comprehensive security testing process for software and hardware, which accompanies the entire development process and checks and analyzes security aspects in design, implementation and deployment. In the design phase, requirements analysis and threat modeling are used to examine the security architecture from an attacker's perspective and identify threats. Our holistic 'Security Testing Process' is based on industry standards such as ISO 27034, the OWASP Software Assurance Maturity Model and the Secure Software Development Life Cycle (S-SDLC, Microsoft) and consists of the following five methods:

  1. Requirements Analysis: developing software with an appropriate level of security
  2. Threat Modeling: modeling potential threats based on the security architecture
  3. Static Source Code Analysis: detailed examination of source code
  4. Dynamic Source Code Analysis – Fuzzing: identification of previously undetected vulnerabilities
  5. Penetration Testing: controlled attacks to identify security vulnerabilities; includes vulnerability assessment

softScheck Security Testing Process

In the design phase, requirements analysis and threat modeling are used to view the security architecture from an attacker's perspective and identify threats. The source code is examined for security vulnerabilities using Static Source Code Analysis. Dynamic Analysis (fuzzing) is used to identify previously undetected errors and security vulnerabilities in the binary code in a semi-automated and cost-saving manner. Together, Static and Dynamic Analysis give developers an overview of their source code and ensure that it is compliant and free of security vulnerabilities. As a final step in the security testing process, penetration testing is used to identify vulnerabilities in products and systems from an attacker's perspective.

Our goal is to help companies in the best possible way to protect themselves against cyber attacks and to develop a comprehensive security strategy. The systematic prevention and detection of, and defense against, cyber attacks with target-oriented, forensic analyses of systems and networks using standardized methods is also part of softScheck's portfolio.

softScheck is also a member of the Alliance for Cyber Security and offers training courses and workshops on topics such as Secure Development, Threat Modeling, Web Application Security and Mobile Security. In addition, we offer consulting services for certifications and, as an examination partner of TÜV Saarland, we perform security testing as part of certifications. We also offer our softScheck Cyber Security Seal after a comprehensive audit with our process.

Our employees have expertise in the relevant IT security areas. International experience and interdisciplinary know-how in virtually all industries as well as numerous publications, presentations and media appearances make softScheck your partner of choice in all security matters.

Would you like support in securing your systems and products? Then contact us!