

Coveros CEO Jeff Payne Presents Agile Fundamentals
February 12, 2012
Jeff Payne will be presenting a 2-Day Training Course February 21-22, 2012 on the Fundamentals of Agile Training. This course teaches you to pragmatically apply Agile methods to your software development process and organization. Join Jeff at the ITEA Professional Development Center, 4400 Fair Lakes Court (Suite 104), Fairfax, VA 22033. Register today!
Coveros CTO Tom Stiehm on Building Secure Software
October 31, 2011
On November 10th Tom Stiehm, Coveros CTO, will be presenting at the Better Software 2011 Conference in Orlando, FL. Tom will present on 'Building Secure Applications'. Join Tom to explore real-world security controls he’s applied to commonly used application frameworks. Find out how to map security vulnerabilities to the security controls that manage those vulnerabilities and where to place those controls in your framework.
Coveros CEO Jeff Payne on Fundamentals of Agile Certification
October 3, 2011
Coveros CEO Jeff Payne will present at the STARWEST 2011 Conference in Anaheim, CA. Fundamentals of Agile Certification will present a roadmap for how to get started with agile along with practical advice. It will introduce you to agile software development concepts and teach you how to make them work. You will learn what agile is all about, why agile works, and how to effectively plan and develop software using agile principles.
Coveros announces the formation of Coveros Labs
June 23, 2011
Coveros, the market leader in the delivery of secure, reliable software, announced the formation of Coveros Labs (research.coveros.com) – a research laboratory focused on developing innovative technologies to enable secure software applications.
Coveros CEO Jeff Payne on "Balancing Agility and Security"
March 9, 2011
Coveros CEO Jeff Payne is interviewed and dives into the subject of "Balancing Agility and Security" in software.
Secure SDLC Improvement
Coveros believes that the most secure applications have security built into them from the beginning.
We provide services to help companies weave secure development practices into their software development life cycle (SDLC) so that they address security every step of the way, from requirements to design to build to deployment and maintenance. Our experienced software development team works with your team to plug proven security processes and practices into your existing software development process, or we can work with you to develop a secure software development process that suits your needs.
Our secure SDLC begins with defining security requirements along with the core business requirements for the project. Defining security requirements from the beginning helps application designers and developers consider the security implications of the application and implement the security features at an optimal time. During the design phase, or as you design the application, the development team, with the help of a secure development expert, can review the design and architecture of the application, using the security requirements as a guide for how the application should deal with security issues. Having the security requirements defined from the onset of the project also allows the Quality Assurance team to develop test plans for the security features.
The next step in building security into an application is adding automated security testing to the build and Continuous Integration (CI) processes. While automated security testing doesn’t replace manual security testing, code review or penetration testing, it does help the application delivery team spot and fix problems as they are created and helps the team know where to focus their hands-on security testing and security code reviews. This leads to the next practices that support creating secure applications: manual security testing and secure code reviews. Both practices focus on the application as it is developed and try to find flaws in the implementation in order to fix those flaws. Along with secure code reviews, the technical team, with the help of a security expert, should perform architectural risk assessments on the application and any other applications or systems that interact with it.
Even the most securely developed application can easily fall prey to attackers if the deployment, management and ongoing maintenance do not maintain the same level of security practices that development employed. Along with secure deployment and configuration practices, Coveros recommends penetration testing or objective black box or grey box verification of an application's overall security posture.
Finally, one of the key steps in developing a secure SDLC is understanding the security needs of the application and organization. This includes understanding the risk tolerance of the organization, the risk profile of the application and the budget of the project, and coming up with an SDLC that addresses those factors in a balanced manner with the best security practices possible for the project.






