GlobalNSA’s approach to developing secure software is predicated upon secure software development lifecycle processes (S-SDLC) and current security best practices. By following these methodologies and embedding security at the beginning of any project, software can be designed, developed, tested and deployed in a secure manner that reduces the likelihood that a vulnerability will be exploited when proper security controls are implemented from the outset.
Secure Application/Platform Development
GlobalNSA has extensive experience in the development of secure software. With GlobalNSA’s help, we can deliver the entire solution or partner with you at any stage. The following is just some of the services GlobalNSA provides with secure software development:
- S-SLDC Process & Project Management
- Continuous Integration
- Detailed Designs
- Custom Software Development
- Rapid Prototype Development
- Behavior Analysis
- Databases (Relational/RDF)
- Open Source Technologies
- Custom Cryptography
- Custom Authentication
- Custom PKI
- Custom Identity Management
- White/Black Box Testing
- Secure Code Training
GlobalNSA has extensive experience designing and implementing secure SDLC processes. We will help you identify the best tools for your source control, build, test and deployment needs. Additionally, GlobalNSA provides for all your project management needs whether your process is Waterfall, Agile/Scrum, Kanban or a combination.
GlobalNSA will help you integrate continuous integration and test-driven development methodologies. CI and TDD are key elements to a secure, predictable software delivery approach including automated tools for QA regression and code reviews.
Detailed designs including scenarios, sequences, use and mis-use cases are often overlooked critical aspects to secure development. GlobalNSA provides design services for existing or new software applications/platforms.
Custom Software Development
GlobalNSA is experienced and knowledgeable in software code development. We can develop your application/platform or partner with your development team. Our expertise crosses all OS platforms, languages, web, server, desktop, and mobile. We also specialize in web services, API development and data security.
Rapid Prototype Development
Rapid prototyping is a key aspect to the valuation of new business models or new application architectures. GlobalNSA's team of developers will bring the ideas to life to help you move quickly on your plans.
Behavior analysis is a way to enhance the security of your application/platform by analyzing actions and flows and identifying any departures from normal operation. This is especially important in distributed software architectures where security gaps might go undetected.
GlobalNSA has a significant depth of knowledge in database development including both relational and RDF technologies. This includes database technology selection, data design, database development, data models, data security and query optimization.
Open Source Technologies
Open Source is a great source for technologies however, usage of Open Source must be considered carefully. GlobalNSA has significant experience with selection, development and integration of Open Source technologies including OAuth, OpenSSL, XMPP, and more.
GlobalNSA provides design and development of custom cryptographic solutions as your software requirements demand.
GlobalNSA provides design and development of custom authentication solutions as your software requirements demand.
GlobalNSA provides design and development of public key infrastructure or public key cryptographic solutions.
Custom Identity Management
GlobalNSA provides design and development of custom identity solutions as your business and software requirements demand.
White/Black Box Testing
GlobalNSA performs both white and black box testing of your software application/platform. Testing includes both functional, non-functional and specific security testing.
Secure Code Training
GlobalNSA provides training for your development staff on secure coding approaches and standards include SANS 25, OWASP, language and platform secure coding techniques.
Secure Mobile Development
As the popularity and capability of mobile devices continue to grow, the opportunity for threats increase.
- The number of applications on Google Play and the App Store continues to grow.
- Mobile apps often communicate with outside servers with no security.
- There’s an increasing amount of sensitive data is being pushed to mobile devices.
- Tablet and smartphone applications have different threat models.
Mobile development must include a different approach to adequately secure the application. GlobalNSA is experienced and knowledgeable in secure software development for mobile devices. We can develop or update your mobile app or partner with your development team. Our expertise includes iOS and Android mobile platforms.
Secure Cloud/Infrastructure Development
Today’s cloud environments can consists of various forms of infrastructures such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), pure virtual environments or even data centers located in another state whereby the data is transmitted through the internet or even an external WAN to reach that data center from another location. With these various types of infrastructures, skilled analysis, design, development, and implementation of these infrastructures must include secure solutions.
GlobalNSA can design secure solutions for each of these types of infrastructures leveraging proven methodologies and approaches. Using methodologies such as SOA (Service Oriented Architecture) to ensure that all integrated products (off-the shelf or custom) utilize and implement secure strategies. GlobalNSA will keep the “big picture” in view while ensuring that the project is successful and includes embedding security.
GlobalNSA’s approach to designing, developing, and implementing secure cloud solutions satisfies business objectives and drivers, balances risks involved, and provide a phased road map for the ultimate goal for the organization.