Secure Application Development
IRM has an expert consulting team specialising in the secure development
of applications. IRM is able to provide valuable advice at a number of stages
of the development lifecycle including: reviewing the formal development
processes themselves, assisting in the creation of security requirements from
identified business needs, assisting in the design of complex applications,
reviewing existing application architectures to identify areas of particular
risk, reviewing application source code to identify possible implementation
flaws, and subsequently testing the application or its components for
security flaws.
Ensuring the correct balance of functional requirements against security
obligations while being mindful of delivery deadlines and limited development
resources is a difficult area upon which IRM’s consulting team can advise.
IRM’s application security specialists also have much experience
providing advice on the secure integration of custom code with off-the-shelf
application components and environments as this is a regular requirement of our
clients.
IRM has also provided application security training courses to in-house
development teams, ranging from general awareness of issues to language-specific
guides on common errors and how to avoid them.
IRM senior consultants have worked with clients to incorporate risks
identified during the development lifecycle into corporate risk management
systems, allowing the specialised risk practitioner and application development
disciplines to interact in a smooth and easily understood manner.
IRM commonly provides the following services, but these can be customised
to meet client requirements as needed:
- Development Lifecycle Security Review
- Application Security Requirements Definition
- Application Design
- Application Architecture Review
- Application Code Review
- Application Environment Build Review
- Application Security Testing