SECURITY
FRAMEWORK

SECURITY FRAMEWORK

No one would leave home in the morning with their doors & windows unlocked, so why do organisations potentially do that with their technology? Trust is not a substitution for security

Our security framework provides complete protection across the SDLC, utilising open source & commercial tooling in order to de-risk your product deployments. It incorporates:

Static Application Security Testing (SAST)

  • SAST tools scan raw source code, for coding errors & flaws which could lead to exploitable vulnerabilities 
  • SAST tools can also be used to standardise code writing & can work in the developers interactive development environment (IDE) providing instant feedback
  • SAST tools are primarily used during the code, build, & test phases of the software development life cycle (SDLC)

Software Composition Analysis (SCA)

  • SCA tools scan open-source & third-party components for known vulnerabilities. They also provide insight into security & license risks to accelerate prioritisation & remediation efforts
  • SCA tools are primarily used during the build & test phases of the SDLC

Automated Testing

  • Automating application testing is vital for interactive application security testing (IAST) & dynamic application security testing (DAST) products to fully analyse the application before production deployment. If the application is not fully analysed, application vulnerabilities & testing backdoors can be missed, exposing the application & user data
  • Automated testing is primarily used during the test phase of the SDLC

Tool Reporting Consolidation

  • Using multiple tools can create a product backlog nightmare, with several different consoles holding different data & even requiring manual intervention to send to a single ticketing system
  • It’s important to remember this & develop a way to consolidate the defect findings from SAST, SCA, IAST, automated testing & DAST for application & product owners to understand & prioritise remedial actions

Continuous Integration/Continuous Deployment (CI/CD) Pipelines

  • CI/CD is a method to constantly build, test & deliver apps by automation within the SDLC. With consistency in the integration process, teams can commit code changes more rapidly, leading to better coding quality & a reduction in application release

Runtime Application Security Protection (RASP)

  • RASP tools operate within the application runtime engine & act as intrusion detection (IDS) or intrusion protection (IPS)
  • RASP can detect, alert & block advanced persistent threats (APT), which some web application firewalls (WAF) can miss
  • RASP tools are primarily used during the operate & monitor phases of the SDLC

Dynamic Application Security Testing (DAST)

  • DAST tools scan the application from the outside by crawling your web application or API for known web vulnerabilities
  • The application is scanned over a network connection & can examine the network & client-side
  • DAST tools can use Selenium scripts to interact with your website or service & find vulnerabilities
  • DAST tools are primarily used during the test & operate phases of the SDLC

Self Security Governance Framework

  • Rather than the security team being included in every application release, the security team can provide a framework, covering the use of tools such as SAST, SCA, DAST, IAST & vulnerability remediation metrics
  • A self-security governance framework can enable speedy & secure application releases
  • The security team can use centralised reporting, to showing a continuous assessment of current application vulnerabilities

Interactive Application Security Testing (IAST)

  • IAST tools operate in the application runtime & analyse application behaviour based on manual or automated tests
  • IAST tools detect vulnerabilities at runtime & provide detailed insight for developers. By highlighting the library or function, & line of code where the issue occurred. This enables developers to focus their time & effort on critical findings
  • IAST tools are primarily used during the code & test phases of the SDLC

 

Get in touch via transformation.frameworks@sqa-consulting.com for more information.

Protecting your technology, reputation & purse strings.

TRANSFORMATION
fRAMEWORKS & SERVICES

ADVISORY &
TRANSFORMATION

AGILE
ENABLEMENT

ARCHITECTURE & DESIGN AUGMENTATION

BUSINESS
MODELLING

CHANGE
MANAGEMENT

CI CD PIPELINE ENABLEMENT

CLOUD
MIGRATION

DEMAND
MANAGEMENT

DEVSECOPS ENABLEMENT

LEGACY TECHNICAL DEBT ASSESSMENT

PROCESS
COST OPTIMISATION

PRODUCT
ENGINEERING

RELEASE
MANAGEMENT

REQUIREMENT ACCELERATORS

SECURITY
FRAMEWORK

SECURITY
VULNERABILITY ASSESSMENT

TOOL AGNOSTIC
AUTOMATED FRAMEWORK

TOOLING MIGRATION & INTEGRATION

TRAINING

TRANSFORMATION TESTIMONIALS

"I have engaged SQA Consulting across several organisations, whilst I have been executing roles as CTO on payment and platform migrations, along with Digital Transformation. All engagements have been delivered to the agreed scope, time and budget within an acceptable tolerance. Key client engagements have been at MPSI/Concardis (Nets Group), Tesco Bank, Department for Work and Pension (Gov), REPL and Lloyds Banking Group. Products which I have consumed from SQA related to Cloud Migration, Containers for Services, Data Migrations, DevOps and DataLakes Services."
Floating CTOFinance Vertical
"SQA was invited to my company to enhance testing. In defined time frame they delivered what was agreed, they introduced new processes that were in line with company policies and tools. They educated testing people to be able to work with new processes and prepare us for the time when they will left the company. When they left (contract ended) transition to work without them was flawless, anyway they were available for any help during transition period if needed. All of the SQA staff that worked in MPSI showed high level of professionalism, goal orientation, dedication to work together with MPSI staff, open minded and ready to hear and accept suggestion from our side (if it makes sense). Great people I enjoyed working with!"
Interim Head of TestingEuropean Payments Processor
"Incredible professional approach and extensive knowledge. It is really refreshing to work with the company that has both domain expertise and hair thin precise accurate delivery and planning. Our second project now in delivery and still superb experience!"
CEODigital Development Engineering
"We've been working closely with SQA Consulting SMEs on various projects & they have always delivered &, more importantly, delivered on time. Their leadership team is commendable & they are a truly dependable partner. My colleagues from Roxoft & myself, personally enjoy collaborating with experts from SQA - although they're working around the clock, they always have energy to spare & their positive attitude makes a difference."
CEORoxoft
"Engaged SQA Consulting 12 months into a 20 month programme that consisted of 170 Funds and was worth 40 Billion Euro in combined AUM. Their revised QA Strategy, Test Approach and Management Capability enabled us to deliver the programme and gain a real insight into the overall SDLC benefits of getting QA right -
Managing DirectorTop 5 Investment Bank
"The SQA Consulting team collectively matrix managed 2500 resources, the majority of these were based offshore. Managing multiple concurrent programmes across, Sales, Service, Mobile, Digital Propositions & Security. The team were responsible for Quality Assuring the delivery of £20 million of IT Change on a monthly basis"
Head of QATop 5 Retail Bank
"SQA Consulting delivered a single source solution, full development integrating with the underwriters, finance houses, fraud databases underpinned by full QA including performance, stress and volume testing. The process was seamless and we could not be happier"
CEOThe Largest Independent Insurance Broker in the UK
"The SQA Consulting Management Consultant, streamlined out test management processes, offshore delivery capability, reporting, tooling utilisation and managed our monthly releases, taking us from ground zero to a stable sustainable model in under six months. We were that impressed that we extended his engagement and appointed him our Interim Head of Testing"
Interim Head of Product EngineeringEuropean Payments Processing Company
Previous
Next

LATEST

TRANSFORMATION NEWS

We Don’t Provide Warm Bodies, SQA Consulting Surpasses 30-Month Milestone Delivering Outcome-Based Solutions to 6 Concurrent Global Clients

At first glance, it’s easy to pigeonhole us as mere providers of technical expertise & warm bodies. While this is undoubtedly one small facet
Read more...
Case Study - Image (11)

Is it Insane to Run a Technology Delivery Bench, or Morally Bankrupt Not to?

Like most consulting companies, we are continuously looking to acquire new clients. We have delivery teams in 8 Geographical regions worldwide, that stated we
Read more...

The Penny Rich Pound Poor Paradox

The Penny Rich Pound Poor Paradox While the initial savings may look enticing, the concealed costs of this approach begin to emerge over time. 
Read more...

Get In Touch

+44 (0) 161 503 0533

info@sqa-consulting.com

Manchester
Dublin
New York
Bosnia and Herzegovina
Croatia
Kosovo
Serbia
Spain

Technology Consulting Partners

© SQA Consulting Ltd

About SQA

About Us

Case Studies

News

Our Vacancies

Services

Transformation

Cyber Security

Intelligent Automation

AML Compliance

Contact

info@sqa-consulting.com

+44 (0) 161 503 0533

Linkedin-in Twitter Facebook Instagram

Terms & Conditions | Privacy Policy

Website design by Shoga

Twitter Facebook Instagram