Paladion SSAP ensures that your software application(s) are designed, developed and deployed in a secure environment from the beginning.
Paladion SSAP helps your organization address the common and evolving security threats and vulnerabilities your application has, or may have, well before the deployment stage.
The software security framework developed as part of the project enables your organization to decide which applications need which security tests, and how frequently those tests should be conducted.
Paladion SSAP keeps an eye on the business—as well as the security implications your software has on your organization—and will continue to do so well after deployment.
Identify security vulnerabilities and bugs in your software or application due to insecure coding practices or errors.
Our SSAP is based on six phases: current state assessment (based on the OpenSAMM framework), risk assessment (covering both technical and process assessment), security standard definition, SSA Governance definition and SSA Plynt Certification.
As part of the assessment, current capabilities related to software security will be benchmarked against the OpenSAMM framework. The four business functions within OpenSAMM are Governance, Construction, Verification and Deployment. The 12 security practices under these four domains will be verified. A checklist- and interview-based approach will be used for the assessment.
Finally, as part of the current state assessment, your maturity rating—compared against Open SAMM maturity levels—will be identified.
Risk assessment activity is split into four different levels of assessments:
As part of this phase, security standards will be developed for each of the critical applications for which risk assessments were conducted. The standards will be developed taking into consideration the assessment results, the business requirements and any technical limitations. The development standards may include secure coding and application security standards. Deployment standards will include the baseline security standards for the operating system, databases and software security tools. The process review will result in the definition of application monitoring standards.
As part of this phase, the governing policies and procedures for the success of SSAP will be defined, along with the roles and responsibilities. Paladion will also develop a software security framework for the organization which will help the organization decide the security controls and security testing cycles of all of their applications. The process required for secure software development and deployment includes, but is not limited to the following, and will be defined as part of this phase:
Paladion will provide training and awareness sessions as part of this phase to different streams of users. Secure coding training will be specific to developers. Platform-specific training will be conducted for developers as well as deployers. General security awareness training will be provided for other employees in the organization.
A master implementation roadmap will be developed, taking into account the current state assessment, the risk assessment, SSA standards and process, and the defined governance structure. The master plan will largely include the following:
Paladion also proposes to certify the Software Security Assurance Program of the organization through “SSAP Plynt Certification”. Maturity of the program and risk assessment will be conducted prior to the certification. The certification will be valid for a period of one year, after which the certification needs to be renewed by conducting a maturity assessment and risk assessment.