Built in security from concept to development

Paladion SSAP ensures that your software applications are designed, developed and deployed securely from the beginning.

Business focused security

Paladion SSAP keeps an eye on the business as well as the security implications your software has for your organization, and continues to do so well after deployment.

Identify threats and vulnerabilities well before deployment

Paladion SSAP helps your organization avoid common as well as evolving security threats and vulnerabilities in your software application well before the deployment stage of the software development life cycle.

Scalable and repeatable process

Our SSAP is a repeatable and scalable process which can be extended to all applications in your organization. The software security framework developed as part of the project enables your organization to decide which applications are tested and how frequently the various security tests need to be conducted.

High level security awareness training

Training helps your teams identify security vulnerabilities and bugs in your software or application that result from insecure coding practices or errors.
Service Features

Our SSAP is based on six phases: current state assessment (benchmarked against the OpenSAMM framework), risk assessment (covering both technical and process assessment), security standards definition, SSA governance and process definition, implementation plan and roadmap, and SSA Plynt Certification.

Current state assessment

As part of the assessment, current capabilities related to software security will be benchmarked against the OpenSAMM framework. OpenSAMM is organised into four business functions, namely Governance, Construction, Verification and Deployment, and the 12 security practices under these four functions will be verified. A checklist and interview based approach will be used for the assessment.

Finally, as part of the current state assessment, a maturity rating against the OpenSAMM maturity levels (0 to 3) will be identified.

Risk Assessment

Application specific assessment will be conducted from phase 2 of the SSAP onwards. The critical applications for the organization will be identified and a risk assessment will be conducted for that set of applications. The risk assessment activity is split into four levels of assessment: design review (the design documents and the security requirements of the application will be reviewed), development review (source code review and application security testing), deployment review (the underlying infrastructure of the application and the software security tools will be reviewed) and process review (review of the processes followed in application development and maintenance).

Security Standards Definition

As part of this phase, security standards will be developed for each of the critical applications for which risk assessments were conducted. The standards will take into consideration the assessment results, the business requirements and any technical limitations. Development standards may include secure coding and application security standards; deployment standards will include baseline security standards for the operating system, databases and software security tools; and the process review will result in the definition of application monitoring standards.
SSA Governance and Process Definition

As part of this phase, the governing policies and procedures for the success of the SSAP will be defined along with roles and responsibilities. Paladion will also develop a software security framework for the organization which helps it decide the security controls and security testing cycles for all of its applications. The processes required for secure software development and deployment, namely secure coding guidelines, source code version control, change and release management, software license management and so on, will be defined as part of this phase.

Implementation Plan and Roadmap

Paladion will provide training and awareness sessions as part of this phase to different groups of users. Secure coding training will be specific to developers, platform specific training will be conducted for developers as well as deployers, and general security awareness training will be provided to other employees in the organization.
A master implementation roadmap will be developed taking into account the current state assessment, risk assessment, SSA standards and processes and the defined governance structure. The master plan will largely include the following:

• Implementation of required organizational structure to operationalize the defined operating model for Software Security Assurance.

• Implementation of new/updated SSA processes.

• Implementation of new technologies.

• Improvements in the existing technologies.

SSA Plynt Certification

Paladion also proposes to certify the organization's Software Security Assurance Program through "SSAP Plynt Certification". A maturity assessment of the program and a risk assessment will be conducted prior to certification. The certification will be valid for a period of one year, after which it needs to be renewed by conducting a fresh maturity assessment and risk assessment.

