Concept phase: The cheapest way to work on security topics is when the project just started. We help refine software architecture and design to solve usual questions, e.g.: Is there encryption? Who is allowed to access the data?
Development: Frequent security checks of fresh code makes sure, that your software contains as few security flaws as possible.
Operation: We analyse corporate processes from a security point of view. E.g. Two-man rule, reliability, access protection, password guidelines.
Introduction of SDL: The Secure-Development-Lifecycle can increase software security for all projects. Our consultants support the implementation of SDL and help solve problems during the transition phase.
Sourcecode analysis: Sourcecode is checked in great detail to uncover as many security issues as possible.
Penetration test: We act like an attacker from the outside. Your application will be checked manually and with automated tools. This kind of test finds most obvious security flaws.
Infrastrukture analysis: Complex applications depend on numerous components. DNS, virtualisation, configuration, VPN, management interfaces, databases, test systems. SektionEins inspects each component and works out recommendations to improve security and harden your infrastructure.
Result: In the end there is alway a report. Our reports can either be straight to the point to spend as much time as possible on the actual task. Or we write an elaborate report with detailed description of uncovered security issues, risk assessment and recommendations on how to resolve each issue.
For developers: As introduction or to refresh the memory we offer courses on web security and secure programming. With practical examples and exercises attendees can dive into security topics and easily adapt concepts to their own projects.
For system administrators: Basic knowledge of web security is not optional anymore. We introduce practical approaches to securely configure and operate modern web applications.