Secure Development Lifecycle (SDL)

ISO-compliant software development

Security activities in product and software development are often neglected. ISO 27034 provides a framework for controlling all security activities at the organization level. With SASM we provide an ISO 27034 compliant, fully elaborated and certified management process guide, including the integrated, proven methods of the Security Testing Process.

ISO 27034 compliant software development

The core of ISO 27034 is an enterprise-wide library of all security activities for your software development. In it, for example, the Penetration Testing method, the requirement for encrypted data transmission and the data protection policies are defined as security activities. According to the requirements of the particular product, the defined security activities are executed, and in the verification phase they are checked for successful implementation.

Our services for you

We support you in developing ISO 27034 compliant software. In a GAP analysis, we examine your present security activities and offer solutions to meet the requirements of ISO 27034 and to make your Software Development Lifecycle ISO 27034 compliant. The integration effort is kept as low as possible to achieve the appropriate acceptance within the company. SASM is independent of the software development lifecycle in use: it can be applied to traditional models such as the waterfall model and the V-model as well as to agile approaches such as Scrum.

When using the SASM process guide, an elaborate training of all stakeholders in ISO 27034 is not required. All relevant standard specifications are processed in the background and can be accessed by any participant with one click. Our experienced security experts assist you in the implementation and operation of SASM in your company, to make your Software Development Lifecycle Process standards compliant.

Benefits at a Glance

  • Easy to start – no familiarization with the ISO 27034
  • Shorter development times
  • Minimizing the development risk
  • Reduction of the cost
  • Avoiding vulnerabilities during development
  • Appropriate application security level

The figure below illustrates the implementation of an ISO 27034 compliant SASM in the software development of your company, with the Security Testing Process and its five methods: Requirements Engineering, Static Source Code Analysis, Fuzzing and Penetration Testing: