Medium & Large Business

Flexible and Modular Framework to Improve and Build Secure Software

Software systems today confront a greatly increased level of security risk.  As network security defenses have matured, the intruder community has refocused its efforts onto targeting software and firmware applications directly.

Despite sophisticated development methodologies, most software is developed on the basis of practices and standards that are not well attuned to meeting these increased security requirements.  As a result, the rate of security vulnerabilities in software products and embedded systems is rising rapidly.  Software developers and their managers generally do not have an educational background in secure software architecture, secure software implementation practices, software security testing, or any of the other security-sensitive processes at each stage of the software development lifecycle.  Attempt to bootstrap to a high level of capability in secure software development is arduous and time-consuming.

In addition, software and application security risks directly impact compliance with legislative and regulatory frameworks including SOX, Bill 198, NERC, and PCI, as well as representing potential immediate risk to the enterprise.

Through the Secure Development Model (SDM), TELUS provides licensable intellectual property, developer training, and consulting services that greatly accelerate a software development organization's adoption of best practices for secure development, across all stages of the software development lifecycle.  Implementation of the TELUS SDM helps organizations to realize improved product security, fewer product security flaws, reduced development costs, and accelerated time-to-market.

• Over 50 licensable Intellectual Property (IP) documents including secure development standards, practices, processes and training materials.
• Materials may be licensed as a complete set, or in one or more of the following modules:
  • Security Requirements Capture and Specification Processes Module
  • Secure Software Architecture Processes Module
  • Secure Implementation Practices Module
  • Peer Review and Security Testing Practices Module
  • Secure Deployment, Maintenance, and Incident Management Practices Module
• Training
• Consulting services

Assessment of the security characteristics of software systems at the levels of design and implementation

Despite sophisticated development methodologies, most software is developed on the basis of practices and standards that are not well attuned to meeting increased security requirements.  As a result, software is being built with exploitable code that could be hacked.

There is more information published about how to perform attacks at the software level that could put integrity, availability, confidentiality and privacy of the information at risk. OWASP has catalogued over 100 methods of application attack. In addition, organizations may have many applications in place and detecting as well as eliminating security vulnerabilities at the source code level has been costing and time consuming, increasing the risk that hidden issues go undetected.

Software security is an industry-wide challenge.  Software developers and their managers generally do not have an educational background in secure software architecture, secure software implementation practices, software security testing, or any of the other security-sensitive processes at each stage of the software development lifecycle.  Besides, QA and audit processes do not necessarily identify hidden and complex security vulnerabilities at the software code level.

Software and application security risks directly impact compliance with legislative and regulatory frameworks including SOX, Bill 198, NERC, and PCI, as well as representing potential immediate risk to the enterprise.

TELUS Source Code Review is a security-based assessment of the software source code in order to identify issues and vulnerabilities that could put confidentiality, availability, integrity, and privacy of the information and systems at risk.

Key Benefits

TELUS Software Security Architecture and Source Code Reviews help you achieve the following objectives:

• Software code resistant to published and unpublished security vulnerabilities
• Software that safeguards customers’ information privacy
• Trained developers in code security deficiencies and remediation, reducing costs and time
• Software compliant with internal and external requirements

In addition, have access to unique expertise:

• Access to security experts who are the key providers of the intelligence put in the security tools that go to the market
• Research team that powers the products of 4 of the top 6 network based security vendors, and over 20 security product vendors
• Access to security experts who have worked on complex software security projects for security software product vendors,  financial systems vendors, and high tech manufacturers
• Access to highly experienced secure software practitioners who have developed software security testing tools

Highly scalable and cost-effective.

Testing that includes out-of-the-box techniques for assuring maximum coverage

Software security is an industry-wide challenge. Web applications today confront a greatly increased level of security risk. As network security defenses have matured, the intruder community has refocused its efforts onto targeting software and firmware applications directly.

Despite sophisticated development methodologies, most software is developed on the basis of practices and standards that are not well attuned to meeting these increased security requirements.  As a result, the rate of security vulnerabilities in web applications is rising rapidly.  According to OWASP, there are over 100 methods that jeopardize web applications security.  

Increasingly customers are demanding web applications to be resistant to security threats and free of security vulnerabilities that put their privacy and their identities at risk.

In addition, software and application security risks directly impact compliance with legislative and regulatory frameworks including SOX, Bill 198, NERC, and PCI, as well as representing potential immediate risk to the enterprise.

TELUS Web application testing involves the use of special software tools and manual tests to identify security vulnerabilities in the web application code, providing technical recommendations for code remediation. The test covers not only the OWASP attack methods but several hundred different vulnerabilities, of which OWASP's methods are a subset.

Key Benefits

TELUS Web application testing helps you achieve the following objectives:

• Web applications resistant to published and unpublished methods of attack
• Web applications that safeguards electronic transactions and customers’ information privacy
• Trained developers in code security deficiencies and remediation, reducing costs and time
• Web applications compliant with internal and external requirements

In addition, have access to unique expertise:

• Access to security experts who are the key providers of the intelligence put in the security tools that go to the market
• Research team that powers the products of 4 of the top 6 network based security vendors, and over 20 security product vendors
• Access to security experts who have worked on complex software security projects for security software product vendors,  financial systems vendors, and high tech manufacturers
• Access to highly experienced secure software practitioners who have developed software security testing tools

Understand the top security risks in software security and reduce development cycle times and very costly mistakes

Software systems today confront a greatly increased level of security risk.  As network security defenses have matured, the intruder community has refocused its efforts onto targeting software and firmware applications directly.

Despite sophisticated development methodologies, most software is developed on the basis of practices and standards that are not well attuned to meeting these increased security requirements.  As a result, the rate of security vulnerabilities in software products and embedded systems is rising rapidly.  Software developers and their managers generally do not have an educational background in secure software architecture, secure software implementation practices, software security testing, or any of the other security-sensitive processes at each stage of the software development lifecycle.  Attempt to bootstrap to a high level of capability in secure software development is arduous and time-consuming.

TELUS Software Security Awareness training helps developers and architects understand the requirements of software security. The training translates security best practices into a results-oriented method that could save time and effort in software security implementation

• Research team that powers the products of 4 of the top 6 network based security vendors, and over 30 security product vendors
• Instructors with more of a decade of secure architecture and software security experience
• Instructors have worked in  complex software security projects for organizations such as Sybase and Motorola
• Instructors teach secure software concepts on a regular basis
• Based on sophisticated and comprehensive framework for secure software development (SDM)