At Davies Meyer, each project security lifecycle within a software development lifecycle (SDL) consists of three phases. Following an initial security analysis, we start with the secure development of your web pages or applications. Finally, we conduct a comprehensive security testing and validation of your infrastructure.
Security analysis involves security assessment, threat modelling and risk management. The main goals are to
- determine valuable assets involved in the project,
- identify threats and potential vulnerabilities of these assets and
decide how to deal with those risks.
The majority of web applications has similar security requirements, which are met (e.g. in compliance with GDPR) through the implementation of a standard set of security measures, procedures and best practices recommended by security institutions such as the OWASP.
The development carried out by Davies Meyer follows a set of specially developed security measures that are applied to your infrastructure during the SDL.
Security testing and validation
An important part of the SDL is a comprehensive security testing and the consideration of new, emerging security threats and corresponding solutions to ensure that each product meets the highest security standards. The tests are continuously conducted at different stages of the development and include the following steps:
- Configuration validation
- Code analysis
- Security controls testing
- Penetration testing (malicious user simulation)