Security Consulting – WebApp Consulting
SpearTip is a trusted advisor on security and crisis management issues to a number of firms, helping them identify, plan, attack and defend. This is accomplished by establishing a Framework of Guidance: a proven methodology that incorporates all facets of security with the overall plan and goals of the business.
Case Study
CHALLENGE
To deliver a new web application which was itself safe while also protecting the data inside it.
SpearTip APPROACH
- During a Threat Modeling exercise it was determined that a multi-layered approach to the problem was most appropriate
- Analysis showed that the target group used a standard development system, in place throughout their organization, that did not contain a security focus
- Our goal was to introduce a Secure Development Lifecycle that would add new security methodologies and efficiencies
- We established metrics to ensure that additional practices would create measurable security gains
- SpearTip provided training on Threat Modeling and Secure Software Development Lifecycle practices and worked directly with the organization to understand their existing model, so the client was able to meet timelines while developing a secure application
- SpearTip then completed static code analysis and web application testing on the finished product for validation purposes
RESULT
- Final analysis showed that the new process delivered a timely and more secure application
- The client has taken the training and practice introduced to this specific group and is rolling out similar practices throughout their organization