Triad Security operates according to well-organized application security methodologies in an effort to assist organizations as a whole and their Chief Information and Cyber Security Officers in particular to cope with existing and emerging threats at the organizational application level. At the same time, Triad Security continually improves relevant organizational and business processes.
Application penetration tests – Client, Web and Mobile etc.
The application tests are based on the OWASP methodology, based on which an extensive set of advanced audits and technology tests have been developed. These are carried out on the system at the application level.
Triad Security’s unique approach focuses on exposing vulnerabilities and weaknesses while taking into consideration business scenarios typical of the system and the threats relevant to each individual customer. The tests simulate realistic scenarios. They enable identification of potential vulnerabilities and gaps between the current state and the desirable state.
Assisting secured development – SDLC
The application security team at Triad Security offers customers assistance with secure development through every stage of development and with the organization’s technological stakeholders:
- Participation in the design stage – where we will assist in defining appropriate controls in accordance with the selected architecture, the business characterization, according to the principles of the code in which the development will be done and through all stages of development.
Security QA – testing the finished system to ensure the secured development has been implemented correctly and also to test for code vulnerabilities (on business processesincluding a complete end-to-end process, modules, complete versions, workflow, etc.).
* Infrastructure-level testing can also be included, to test hardening, configurations of application infrastructure, calling external services, etc.).
- Inclusion of penetration tests prior to version approval and release.
- Ongoing support and execution of spot/periodic tests – the team offers ongoing support services for the company’s development by carrying out testing in accordance with specific requirements within the development process and code implementation / post system go-live.
Management of the process of eradication of security exposures and vulnerabilities
An expert from the application security team at Triad Security will manage and assist the process of dealing with exposures, which surface from scheduled audits, which are executed in the organization and from the ongoing activities within the company’s various development processes. The vulnerabilities management process is conducted by a senior consultant, who serves as the executive arm of the Chief Information Security Officer and the organization’s information security team. Professional issues and problems, which arise in the course of this work, shall be dealt with directly vis-à-vis the professional team and in coordination with the Chief Information and Cyber Security Officer.