Services

OneStopAppSecurity.com can help increase your confidence in your product, reduce support costs and shorten development time by complementing your existing staff with our security expertise. While we will carefully customize every interaction we have with you and your company, below are some services that are more commonly provided.

OneStopAppSecurity.com wants to help you in the most efficient means possible. This includes not only providing you with security services but also helping you determine what services, if any, we can provide you. If you have any questions as to how OneStopAppSecurity.com can help your project, please contact us.

Preliminary discussions regarding what services, if any, seem appropriate for us to provide are at no cost to you. Furthermore, we recommend that our first-time customers begin with a No-Risk Security Assessment as a means of determining whether or not we are a good match for your project's needs.

  • Security Assessment:
    A security assessment is a formalized process designed to remove the guesswork from planning and implementing security functionality. The exact process involved in a security standard is formalized and well documented in books as well as online (see [1] and [2]). That being said, the term “security assessment” is commonly used to mean a wide array of different tasks. As a result, while OneStopAppSecurity.com performs security assessments, we will always list each task to avoid any confusion.
  • Security Requirement Documentation:
    While many teams have sufficient engineering skills to implement an application's security, developing those requirements requires a different skill set. OneStopAppSecurity.com has both experience writing security requirements and up-to-date knowledge of the most recent vulnerabilities, technologies and security trends. We are comfortable working with your developers, QA organization, product management team, your customers, or anyone else you feel is appropriate to gather and produce the requirements.
  • Secure Programming Code Review:
    We can perform targeted code reviews with an eye towards improving your application's security. We can also perform code reviews in tandem with your team members to train them how to perform secure programming code reviews.
  • Security Process Analysis and Security Process Development:
    This is perhaps the most forgotten piece of security yet perhaps the most critical. All too often security is left as the last major issue to be addressed, or the second-to-last issue just in front of internationalization. While saving internationalization until the end of a project might not be the most effective means of implementing it, it is frequently successful. But when it comes to security, processes are potentially needed from project inception through project end-of-life. For example, if a single feature gets lost in the development cycle and is unintentionally omitted from the final work, nobody is happy about it but the project usually still has utility. But if a security feature gets lost there is the potential that the project will have a vulnerability in it. This is typically more serious than a missing feature and, should there be a successful exploit, can cause a company to lose the respect and confidence of its customers.
  • Security Architecture Design:
    OneStopAppSecurity.com can produce a security architecture based on your business needs. We also have extensive experience at extending an existing security architecture to handle new business or technical requirements. We attempt to design all architectures such that they not only meet today's needs, but can be grown to meet suspected and even unsuspected needs. The BEA security framework that Mr. Smithline co-architected has been in use for eight years, has had countless pieces of functionality added to it, and, while initially designed for a single product, is being used in about a dozen products and that number is still growing. Furthermore, it has dozens of third-party plug-ins that have been integrated with it adding a large and quite varied amount of functionality.
  • Secure Programming and Testing Training:
    OneStopAppSecurity.com is experienced at instructing developers how to write secure programs and how to write positive as well as negative tests and, when appropriate, can help train teams on specific security-related issues that are appropriate to their current project or intended market.
  • Helping Management "get it":
    Everyone agrees that security is a good thing — at least until they find out that it is hard to implement, generally disrupts the user model and ruins the application's performance. OneStopAppSecurity.com can help you explain to your management how the hidden costs of ignoring security justify the expenditure on it.

While this is a sampling of services that can be provided, OneStopAppSecurity.com customizes all engagements to suit your financial, schedule, and business needs. Contact us to see what we can work out.

Site Highlights

  • 1. No-Risk Security Assessment

    Read about our low-priced No-Risk Security Assessment — Only pay if you are satisfied.

  • 2. Free Web App Security Quiz

    We offer a free, 10-question Web Application Security Quiz covering topics in OWASP.org's 2007 Top Ten Web Vulnerabilities. Detailed explanations for every wrong answer. Take the quiz. Have your friends take it. Compare your scores with them — if you dare...

Publications