Continuous Security

Posted on January 22, 2020 by greg

Security Team as a Service

Over the last few years, agile development processes have become increasingly popular in various areas. The flexibility of such paradigms enables rapid and solution-oriented development. Several options exist for developing not only in an agile manner, but also in a secure one. One of the most efficient options is to build an internal security team and to perform regular targeted reviews or penetration tests from an external point of view.

Building up an internal security team has the clear advantage that the development process can be accompanied by a team familiar with the inner workings of the solution. This enables the identification of not only shallow vulnerabilities, but also actual in-depth issues, combined with good coverage. However, this approach is not always feasible. For startup companies in particular, having a full-blown security team often introduces a non-negligible overhead. External code reviews and penetration tests are not always easy to integrate into agile workflows, and relying solely on bug bounty platforms does not guarantee an actual in-depth inspection of the solution.

In order to close this gap, Secfault Security offers a small and flexible approach for supporting development teams in terms of IT Security. Think of Secfault Security as an on-demand security team to hire. We will support your engineers by performing in-depth design or code reviews, identifying potential issues right during the development process and providing recommendations for improving your solution. During this process, our team will acquire the domain-specific knowledge about the security-relevant aspects of your solution that makes the difference between “just reading” and actually understanding your code. This enables us to efficiently identify not only typical implementation flaws, but also possible logic issues. Furthermore, direct discussions with your development team enable an efficient knowledge transfer.

Does this sound interesting to you? Get in touch for further details!