In the software development lifecycle, poor security decisions made at the design and architecture phase are most difficult to detect and most expensive to fix in production. Research shows that it could be 100 times more expensive to fix software design flaws in production than at the design phase. Secure Design and Architecture Review adds value to the software assurance model by identifying potential security flaws and building effective security controls early in the software development lifecycle.
AppSecure Labs’ best practice methodology utilises proven secure design principles against common vulnerabilities including but not limited to defence in depth, least privileges, fail safe, secure by default and more to identify design and architecture flaws. We utilise industry-accepted best practice methodologies along with our experience in application security that enables us to pinpoint critical areas of weakness within the application. This activity is performed by arranging meetings with the development team and reviewing the design documents. We identify the most critical areas of the application, review the security controls in place, identify potential security gaps and make appropriate control recommendations depending upon your application’s risk profile.