SDLC Services

Secure SDLC Consultancy helps deliver transparent, embedded, scalable and cost-effective security to organisations

Over the past 10 years, software security has been an increasing concern. Traditionally, this has been addressed by highly technical activities, such as penetration testing, and highly general areas, such as ISO 27001. Whilst useful, these do little to ensure the secure inception, design and implementation of many businesses’ core assets – their software.

Embedding security into the SDLC provides an organisation with a scalable, proactive and in-depth assurance framework, by augmenting awareness, knowledge, guidance documentation and processes.

Our SDLC Consultancy follows the industry-recognised BSIMM maturity model

Whilst the benefits of doing so are clear, implementing a full SDLC may appear to be beyond the achievable or desired goals and capabilities of a typical organisation; formal threat modelling, fuzzing, and full code review are simply cost-prohibitive to implement across the business.

To assist in selecting and prioritising a pragmatic and repeatable set of controls and activities, a short BSIMM assessment is recommended to compare the observed practices with industry-standard practices. Following this, key areas will be discussed to bring the organisation up to an agreed Maturity Model Level.

All organisations can benefit from adopting elements of an SDLC, either as work packages or with an MDSec Virtual Team Member

MDSec frequently works with organisations to help embed specific sub-elements of an SDLC, including:

  • Awareness training via briefings
  • High level information capture and risk assessment
  • Architecture Review (Threat Modelling)
  • Hands-on training
  • Assistance on calibrating and tuning automated code review tools
