An Application Security Management System (ASMS) describes the processes, guidelines, methods and tools needed to ensure and maintain an appropriate security level for the application portfolio and the associated IT systems throughout the entire lifecycle. It can act as a link between an existing ISMS and technical security standards, and it enables targeted security investments in the acquisition, development and operation of applications.
- Prioritise security as a quality aspect.
- Protect your application portfolio.
- Protect your data against theft, destruction or manipulation.
- Reduce the risk of financial damages and loss of confidence.
Secure System Engineering
With Secure System Engineering, SEC Consult supports companies in implementing security measures right at the beginning of the software development and acquisition process. To increase the quality of applications, security risks are jointly evaluated and reduced. SEC Consult covers the following areas:
Threat modelling is a process that enables early detection and assessment of security problems. As a result, problems are prevented and the cost of eliminating them is greatly reduced.
Security Architecture Review
This is a conceptual review of the relevant security ware. A Security Architecture Review checks whether the implemented security solution sufficiently covers all security mechanisms and controls.
System evaluation supports companies in deciding which product to choose, a decision in which security requirements should also play an important role. Here, SEC Consult not only assists with defining such security requirements, but also engages in discussions with the providers wanting to sell their products to the company. Furthermore, within the scope of proof-of-concept methods, SEC Consult applies security tests so that it can comprehensively present customers with the advantages and disadvantages of the eligible security solutions.
Secure Software Development
With the establishment of a secure development process (Secure Software Development Lifecycle = SSDL), security problems in software development can be detected early and addressed with suitable solution approaches. An SSDL comprises measures that supplement the existing development process and sustainably anchor security as a quality feature, regardless of whether agile or classic development methods are used.