Secure Software QA & Testing
Considering security throughout the development lifecycle is essential to ensure your product is secure. Software development and security are not separate entities; we can help your organization embed security from the outset and evaluate your software development.
FORT Offering for Secure Software
- In the Independent Software Testing or Testing as a Service (TaaS) model, our teams provide independent, third-party validation and verification services to client organizations. The services range from manual and automated testing at system, integration, or unit levels to automated load and stress testing. For this purpose, our team has expertise in applying various testing frameworks to the testing of web applications, mobile applications, desktop applications, and embedded systems.
- The Extended Testing Team model lets client teams work in close coordination with our testing teams. The model is ideally suited for companies that are rapidly expanding and allows our experts to augment the existing technical resources of client organisations.
- Assessment and Analysis of the existing software engineering, quality assurance and testing practices of the organisations, assessment of information security threats to the organisations and evaluation of their existing information security processes and infrastructure and applications.
- Capacity Building on Automated Testing, Quality control, Standards for Software Systems, Software Testing Certifications, penetration testing and information security practices and standards.
- Consultancy on integrating state-of-the-art software engineering and automated testing strategies in organisations, improvements to software development and quality assurance processes, and information and data security for critical applications.
- Security Testing: Our security experts will perform a detailed code review of the application by conducting formal checklist-based source code reviews supported by static analysis tools to evaluate the code quality and security issues and to assess compliance with applicable international standards. The manual source code review will be conducted by security experts as a formal technical review in which the experts evaluate the code guided by a formal checklist. Our secure code review checklist is based on international security and quality standards, including the top OWASP vulnerabilities, MITRE Common Weakness Enumeration, NIST, PCI Data Security Standard and CERT secure coding standards. This will assist the reviewers in identifying software vulnerabilities and risks in the application source code. The code review will follow a risk-based approach as per the OWASP Code Review Guide. During the review, the security experts will assess the application code for security problems and categorize the findings based on the weakness categories highlighted in the checklist (e.g., authentication, input validation, obfuscation, encryption, etc.). The experts will perform a risk severity assessment and assign a corresponding ranking to each finding. The findings will be presented in the final secure code review report.
- Independent Auditing of software engineering practices, quality assurance and testing practices for conformance to relevant international standards such as ISO/IEC 9126, ISO/IEC 25000:2005 and applicable security standards for the Fintech domain, such as ISO 27001.