Gain greater visibility
into your information
Our auditing process starts with an analysis of your operating system, software components and network configuration, and description of how the system functions are provided. Today, there are many specific compliance requirements to consider. These include (but are not limited to):
This analysis drives the choice of automated tools and manual procedures needed to perform the vulnerability analysis. The analysis will generate for you a detailed and comprehensive report to help you determine what if any remediation services you require of Austin Computer Security.
Security Program Evaluation, Recommendation, and Support
In today’s network environment, it no longer makes sense to manage security on an ad-hoc or component basis. Don’t wait for a breach; prepare your defenses now. Austin Computer Security has a long history working with clients to establish and institute a security program. We can help you:
We will give you greater visibility into your information security infrastructure, so that vulnerabilities discovery and remediation happen quickly.
Software Security Review
It is critically important for software applications to be reviewed for security vulnerabilities both prior to and during and implementation. Austin Computer Security begins with OWASP and other secure coding guidelines and modifies these to conform to your own development tools, software architecture and proposed system function. This ensures that you end up with rules that are usable both for an initial review and maintainance of future development activities.
Java/J2EE specific issues may include:
.NET specific issues may include:
Other Language/Environment Software
Austin Computer Security is actively investigating and continues to gain experience with additional software environments and languages (groovy, grails, drupal, struts, etc.)
Security System/Software Development Lifecycle (SDLC) Review
Austin Computer Security can work with you to ensure that the System Development Lifecycle that you are using is well-defined and meets your needs, whether it falls into the category of waterfall, iterative or agile. We will work with you to incorporate security in all phases of the SDLC, from design through operations, in a way that supports and enhances your development methodology.
We know that each organization is unique, so no system and management setup is inherently superior for all organizations. Austin Computer Security tailors methodologies within a single continuum that includes waterfall, iterative (RUP) and agile approaches and will most likely be a hybrid of multiple approaches.
Tailored Vulnerability Notification and Remediation Services
Most organizations have a wide variety of commercial and open source software components that they support. While an organization may or may not have automated patch support for core software components, there are often software components for which automated patch support is not provided - either because it is unavailable commercially for that product or because the service currently in use does not provide it.
We will work with organizations to establish what software components are automatically patched and who is responsible for patching software components that require manual intervention. Austin Computer Security has detailed and software component specific knowledge of current vulnerabilities. We can monitor this information and provide notification and remediation support services for you. Alternatively, we can develop and coordinate procedures and systems in place to allow you to maintain and act on that information, while providing remediation support when needed.