An Application Security Management System (ASMS) describes the necessary processes, guidelines, methods and tools in order to ensure and maintain an appropriate security level of the application portfolio and the associated IT systems during the entire lifecycle. It can act as a link between an existing ISMS and technical security standards and enables target-oriented security investments for acquisition, development and operation of applications.
- Priorisieren Sie Sicherheit als Qualitätsaspekt.
- Schützen Sie ihr Applikationsportfolio.
- Schützen Sie Ihre Daten vor Diebstahl, Vernichtung oder Manipulation.
- Reduzieren Sie das Risiko von finanziellen Schäden und Vertrauensverlust.
Secure System Engineering
With Secure System Engineering, SEC Consult supports companies with the implementation of security measures, right at the beginning of software development and acquisition process. In order to increase the quality of applications, security risks are jointly evaluated and reduced. SEC Consult covers the following areas:
Threat modelling is a process enabling early detection and assessment of security problems. Thus, problems are prevented and the costs for elimination highly reduced.
Security Architecture Review
This is a conceptual review of the relevant security ware. During a Security Architecture Review, it is checked, whether the implemented security solution sufficiently covers all security mechanisms and controls.
With system evaluation, companies are supported with the decision of product choice. In that, security requirements should also play an important role. Here, SEC Consult offers not only assistance with the definition of such security demands, but also engages in discussions with providers wanting to sell their products to the company. Furthermore, within the scope of proof-of-concept methods, SEC Consult applies security tests, in order to be able to comprehensively present customers with advantages and disadvantages of the eligible security solutions.
Secure Software Development
With the establishment of a secure development process (Secure Software Development Lifecycle = SSDL), security problems in software development can be detected and addressed by suitable solution approaches early on. In that, a SSDL comprises measures supplementing the existing development process and sustainably anchoring security as a quality feature, independent of agile or classic development methods.