Software Security Services
Colombus is your best partner for Secure Systems
Colombus is uniquely qualified to partner with your organization on issues of Security. Our Security Practice includes hundreds of experts, around the globe, all focused on the Best Practices and the application of security technologies. Our service offerings fall into the following categories:
- Source Code Security Audit
- Software Penetration Testing
- Software Security Training
- Software Development Lifecycle Planning
Colombus Delivers on Great Expectations
The Information Technology (IT) Security market, as a global products and services market, was estimated at US$ 54 Billion in 2008, with a CAGR of close to 11% for the years 2009-2013. The reason for this is, obviously, the proliferation of vulnerabilities at almost every level of the IT architecture.
Today we are witnessing a confluence of trends that are shaping the challenges we face in information security. Fortunately, these same trends contain the means for addressing the challenges. Some key challenges that Colombus addresses with and for our customers include:
Challenges in Application Security:
Challenge 1: Minimize amount of security vulnerabilities in developed or integrated software solutions
Reduce the number of security vulnerabilities found after product or service release, which have a negative impact on the clients of that product or service.
The number of security vulnerabilities found and exploited after software product release is a well-known metric used to compare application-level security between products and vendors. Vendors with higher numbers of security vulnerabilities find it difficult to grow their customer base or even keep their current market share. Even a single exposure may result in a huge loss of credibility. As an example, the French government recently advised against using Internet Explorer because of a single security issue, despite the fact that only older product versions were affected by the problem (TELEGRAPH 2010).
Challenge 2: Protect Intellectual Property (IP) contained within developed software solutions
Protect Intellectual Property (IP) contained within software products from being stolen.
Many modern software development platforms use managed code (.Net, Java) and other technologies (PHP, Ruby and others) that are easy to reverse-engineer once an attacker gets access to any running version of the corresponding product. This increases the risk of product internals being stolen, either through unauthorized access to the systems running the product or because a client-side deployment model is used.
Challenge 3: Prevent unlicensed software product use
Prevent unlicensed use of a software product through circumvention of the licensing and activation mechanisms built into the product.
Software companies are experiencing huge losses due to software piracy. According to a recent study by the Business Software Alliance, worldwide losses from software piracy grew by 11 percent to $53.0 billion in 2008 (BSA 2009). This also creates additional security risks for legitimate users who interact with users of unlicensed software products, since tampered products often have reduced security capabilities.
Challenge 4: Recover from security incident(s) effects
Return security-compromised systems to secure operation while identifying the root cause of the problem.
When a security incident has already happened, organizations need to recover quickly and minimize the risk of the same or similar issues recurring in the future. This may require forensic investigation to identify the real source and nature of the issue.
Challenge 5: Minimize Spoofing Identity risks
Avoid identity spoofing, which allows an attacker to pose as something or somebody else, such as a specific person or computer system.
Many software systems authenticate users and perform authorization checks to prevent unauthorized activity, and also keep records of each user’s actions. An attacker therefore often seeks to act as someone else, making it harder to be traced. This increases the importance of mitigating identity spoofing risks at the application level.
Challenge 6: Minimize data or code Tampering risks
Avoid tampering with data or code, which allows an attacker to perform a wide variety of other attacks afterwards.
Modifying a software system’s code or data allows an attacker to take control of its operations. Where a key business process is controlled by such a software system, its execution may be severely affected (money being transferred from one bank account to another is the best-known example). This increases the importance of mitigating tampering risks at the application level.
Challenge 7: Minimize Repudiation risks
Avoid repudiation threats, which allow an attacker to deny an action he has performed.
An attacker makes a repudiation threat by denying having performed an action that other parties can neither confirm nor contradict. For example, a user makes a repudiation threat when he performs an illegal operation in a system that can’t trace the prohibited operation.
Non-repudiation is a system’s ability to counter repudiation threats. It is important to ensure this capability during the design, implementation and quality assurance of a software solution.
Challenge 8: Minimize Information Disclosure risks
Avoid confidential information exposure to individuals who are not supposed to have access to it.
Unauthorized disclosure of confidential information is often aimed at commercially valuable information, but may also be driven by other factors (political, for example). In some cases, private information (medical records, for example) or personally identifiable information (credit card information, for example) may also be exposed.
A single exposure of this type can result in millions of records being stolen (REUTERS 2009), with huge financial and reputational losses.
Challenge 9: Minimize Denial of Service (DoS) risks
Avoid Denial of Service (DoS) attacks, which block software systems from being accessible to legitimate users or from performing their operations.
Denial of Service (DoS) attacks deny or degrade service to valid users, for example by making a web server temporarily unavailable or unusable. This often results in direct financial and reputational losses, especially for companies providing their services through the Internet (online stores, auctions, travel sites, etc.).
Challenge 10: Minimize Elevation of Privilege risks
Avoid Elevation of Privilege (EoP) attacks, in which users with limited access gain additional capabilities.
Elevation-of-Privilege (EoP) threats occur when a user gains increased capability, typically an anonymous user who takes advantage of a coding bug to gain administrator-level access to a software system. This also applies to legitimate users trying to increase their own access levels.
These are just a few of the security issues that the Colombus security experts are able to track and thwart. Contact our Security practice today to engage with an IT project security expert.