Built in security from concept to development

Paladion SSAP ensures that your software application(s) are designed, developed and deployed in a secure environment from the beginning.

Identify threats and vulnerabilities well before deployment

Paladion SSAP helps your organization avoid the common, as well as evolving, security threats and vulnerabilities your application has, or may have, well before it reaches the deployment stage.

Scalable and repeatable process

The software security framework developed as part of the project enables your organization to decide which applications the various security tests need to be conducted on, as well as how frequently.

Business focused security

Paladion SSAP keeps an eye on the business—as well as the security implications your software has on your organization—and will continue to do so well after deployment.

High level security awareness training

Identify security vulnerabilities and bugs in your software or application that stem from insecure coding practices or developer errors.


Service Features

Our SSAP is based on six phases: current state assessment (based on the OpenSAMM framework), risk assessment (including both technical and process assessment), security standard definition, SSA governance definition, implementation plan and roadmap, and SSA Plynt Certification.


Current State Assessment (based on OpenSAMM framework)

As part of the assessment, your current software security capabilities will be benchmarked against the OpenSAMM framework. OpenSAMM is organized into four business functions: Governance, Construction, Verification and Deployment. The 12 security practices grouped under these four functions will be verified, using a checklist- and interview-based approach.

Finally, as part of the current state assessment, your maturity rating—measured against the OpenSAMM maturity levels—will be identified.


Risk Assessment (including both technical and process assessment)

Risk assessment activity is split into four different levels of assessments:

  • Design Review: Review of the design documents and the security requirements of the application.
  • Development Review: Review of the source code and application security testing.
  • Deployment Review: Review of the underlying infrastructure of the applications and the software security tools.
  • Process Review: Review of the processes followed in application development and maintenance.

Security Standard Definition

As part of this phase, security standards will be developed for each of the critical applications for which risk assessments were conducted. The standards will take into consideration the assessment results, the business requirements, and any technical limitations. Development standards may include secure coding and application security standards. Deployment standards will include baseline security standards for the operating system, databases and software security tools. The process review will result in a definition of application monitoring standards.


SSA Governance Definition

As part of this phase, the governing policies and procedures needed for the success of SSAP will be defined, along with roles and responsibilities. Paladion will also develop a software security framework for the organization, which will help the organization decide the security controls and security testing cycles for all of its applications. The processes required for secure software development and deployment, which include but are not limited to the following, will be defined as part of this phase:

  • Secure coding guidelines
  • Source code version control process
  • Change and release management
  • Software license management

Implementation Plan and Roadmap

Paladion will provide training and awareness sessions as part of this phase to different groups of users. Secure coding training will be specific to developers. Platform-specific training will be conducted for developers as well as deployers. General security awareness training will be provided for the other employees in the organization.

A master implementation roadmap will be developed, taking into account the current state assessment, the risk assessment, the SSA standards and processes, and the defined governance structure. The master plan will largely include the following:

  • Implementation of required organizational structure to operationalize the defined operating model for Software Security Assurance.
  • Implementation of new/updated SSA processes.
  • Implementation of new technologies.
  • Improvements in the existing technologies.

SSA Plynt Certification

Paladion also proposes to certify the organization's Software Security Assurance Program through “SSAP Plynt Certification”. A maturity assessment and a risk assessment of the program will be conducted prior to certification. The certification will be valid for a period of one year, after which it must be renewed by conducting a fresh maturity assessment and risk assessment.
