PRODUCTION OF SECURE SOFTWARE CODE
DevSecOps
DevOps is an approach that links development and operations, with the aim of guaranteeing much faster development cycles. The particularity of the DevSecOps approach is that it integrates the 'security' aspect into this thinking.
For a long time, security tests were carried out at the end of the process, but today it is essential to integrate these aspects from the design stage and throughout the development of a digital product, in order to guarantee a high level of security, while minimising the impact on the budget and the development schedule of the solution.
In this context, CyberSecura makes technical and managerial teams aware of the value of a DevSecOps approach, helps them choose and install the tools that enable DevSecOps practice, and trains development teams in these development practices.
Workload: on quotation (depending on the company, the project and the size of the development teams), fixed price commitment.
SDL practices
The SDL (or Security Development Lifecycle) practice is a holistic practice, aimed at integrating security into the daily development of a project.
The SDL practice is a series of processes and procedures aimed at ensuring the security of an application or product by integrating security measures from the design and development phase. This approach considerably reduces vulnerabilities and therefore risks for the product, but it also reduces the costs of a response in case of an attack, as this practice provides for the design of an incident response plan.
The SDL approach is divided into 7 phases:
- Ongoing training throughout the project.
- Definition of the security requirements and functionalities needed.
- Product design phase, in order to visualise the architecture of the product, and the aspects to be secured. During this design phase, an analysis of the attack surface is carried out to better define the security requirements.
- The coding phase aims to create secure and efficient software code by implementing best practices and using approved tools (i.e. state of the art).
- The testing phase allows the technical teams to test the overall security of the system created and the functionalities dedicated to security and data protection.
- After testing the system, the technical development and security teams vote "go" or "no go": if the system still has significant vulnerabilities, we go back to the design phase. If the system has only acceptable vulnerabilities, it can be marketed. This phase is therefore an essential check before a product is put on the market, and it must be carried out with a security expert.
- The purpose of the product monitoring and update phase is to continuously monitor all flaws in the system in production. If vulnerabilities are detected, it is then necessary to provide and apply updates and patching.
Workload: on quotation (depending on the company, the project and the size of the development teams), fixed price commitment.
WHAT THEY SAY
Nathalie Renou, Director of Operations for Extellient
"CyberSecura's work was very thorough. We very much appreciated their professionalism and the skills of our contacts. We were well advised, and obtained very precise deliverables and clear guidelines."
Nicolas Chabanoles, CTO at Bonitasoft
"We really appreciate the expertise Saghar brings to the table in her advice and approach. [...]
A real education of the employees has been put in place and this has been very much appreciated by the teams."
THE USECASES
Would you like to find out more about our secure development by design services? Download our customer case studies for more information!
DevSecOps approach
For Bonitasoft, software editor.
Cybersecurity by design
For Extellient, creator of customised digital solutions