
Security


Security is one of the most important qualities of an Enterprise Java application, since such applications typically serve public websites or perform back-office processing. Nevertheless, in most Enterprise Java projects the implementation of security is postponed until the end of the project.

 
This is partly caused by the misconception that in Enterprise Java, security can simply be added declaratively once the application is deployed. Another important reason is that most projects are primarily focused on delivering functionality.

 

We believe that security should be an integral part of the software development process. Xebia can help you secure your applications with a range of security services, each focused on a specific phase of a project:

 

  • Security policy and requirements; 
  • Enterprise security architecture;
  • Application security design;
  • Enterprise Java application-level security audit;
  • Black-box and crystal-box penetration testing;
  • Application server hardening.

 

Security policy and requirements

Before implementing security measures, an organization should have a clear strategic and tactical security policy containing, amongst others, a risk management method, classification scheme and guidelines on security measures for confidentiality, integrity and availability. This will guide the gathering process for the security requirements. Our security consultants can help you define the security policies and requirements.

 

Enterprise Security Architecture

Security architecture provides a consistent set of measures for implementing the security requirements as defined in the security policy. A security consultant will work in cooperation with the organization’s security officer to translate the security policy into consistent security measures. This will provide guidance for the development team and administrators at an early stage.

 

 

Application Security

Nowadays, more than 70% of security vulnerabilities are caused by flaws in applications. It is therefore necessary to address security at a very early stage of the development process. Our security consultants can help by participating in the project: defining the security requirements, selecting security frameworks, designing and testing the security measures and, finally, deploying the application in a secure manner. This way, there are no surprises at the end of the project.

 

 

Enterprise Java Application-level Security Audit

We offer a thorough inspection of the design documentation, source code and infrastructure to detect potential security vulnerabilities early in the project, before the system is completely finished and taken into production.

 

The following list summarizes Xebia’s approach:

 

  • Checklists and automated tests for discovering vulnerabilities;
  • Manual inspection of architecture, design, source code and infrastructure;
  • Report on discovered weaknesses.
 

 

Application Server Hardening

According to the OWASP Top Ten, one of the ten most common vulnerability classes in web applications is Insecure Configuration Management. With in-depth knowledge of Enterprise Java and all major application servers, our consultants can perform different kinds of hardening services to make your environment less vulnerable to security threats. All of the actions necessary to harden your application server are automated, so that they are repeatable across multiple servers and can be re-run after every change.
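The repeatable, automated hardening check described above, and the "automated tests for discovering vulnerabilities" mentioned under the security audit, can be illustrated with a small script. The following is an added example, not Xebia's own tooling: it audits a Java EE web.xml deployment descriptor for the session-cookie, session-tracking, error-page and transport-guarantee settings defined in the Servlet 3.0 schema. Both descriptors embedded below are constructed for illustration, and the 30-minute session-timeout limit is an assumed policy value, not one taken from the page.

```python
"""Repeatable hardening check for a Java EE web.xml deployment descriptor.

Added example; not part of the original page or Xebia's services.
Element names follow the Servlet 3.0 web.xml schema. Sample descriptors
and the session-timeout policy value are constructed/assumed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a weak descriptor of the kind a hardening pass would flag.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config>
    <session-timeout>480</session-timeout>
    <tracking-mode>URL</tracking-mode>
  </session-config>
</web-app>
"""

# Constructed sample: the same descriptor after hardening.
HARDENED_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config>
    <session-timeout>15</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
  <error-page>
    <exception-type>java.lang.Throwable</exception-type>
    <location>/error.html</location>
  </error-page>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""

MAX_SESSION_TIMEOUT_MINUTES = 30  # assumed policy value, not from the page


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit('}', 1)[-1]


def _find_all(root, path):
    """Namespace-agnostic descent: path is '/'-separated local element names."""
    nodes = [root]
    for name in path.split('/'):
        nodes = [c for n in nodes for c in n if _local(c.tag) == name]
    return nodes


def _text(root, path, default=None):
    found = _find_all(root, path)
    return found[0].text.strip() if found and found[0].text else default


def check_web_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []

    timeout = _text(root, 'session-config/session-timeout')
    if timeout is None:
        findings.append('session-timeout not set; container default applies')
    elif int(timeout) <= 0 or int(timeout) > MAX_SESSION_TIMEOUT_MINUTES:
        # 0 or negative means sessions never expire in web.xml
        findings.append(f'session-timeout {timeout} min outside policy (1..{MAX_SESSION_TIMEOUT_MINUTES})')

    if _text(root, 'session-config/cookie-config/http-only', 'false').lower() != 'true':
        findings.append('session cookie not marked HttpOnly')
    if _text(root, 'session-config/cookie-config/secure', 'false').lower() != 'true':
        findings.append('session cookie not marked Secure')

    modes = {m.text.strip().upper() for m in _find_all(root, 'session-config/tracking-mode') if m.text}
    if 'URL' in modes:
        findings.append('URL session tracking enabled (session id leaks via URLs and logs)')

    if not _find_all(root, 'error-page'):
        findings.append('no error-page configured; default error pages may expose stack traces')

    guarantees = {g.text.strip().upper() for g in
                  _find_all(root, 'security-constraint/user-data-constraint/transport-guarantee') if g.text}
    if 'CONFIDENTIAL' not in guarantees:
        findings.append('no security-constraint requiring CONFIDENTIAL (TLS) transport')

    return findings


if __name__ == '__main__':
    for label, doc in (('weak', WEAK_WEB_XML), ('hardened', HARDENED_WEB_XML)):
        result = check_web_xml(doc)
        print(f'{label}: {len(result)} finding(s)')
        for finding in result:
            print('  -', finding)
```

Because the checks are expressed as code rather than a manual checklist, the same script can be run against every server in the estate and wired into a build or deployment pipeline, which is what makes the hardening repeatable.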

 

 

Black-box and crystal-box penetration testing

The goal of penetration testing is to identify the security vulnerabilities in a running system. A security consultant tries to gain unauthorized access to information from the position of a potential attacker. In a black-box test the consultant starts with no inside knowledge of the system; in a crystal-box test the design documentation and source code are available, so weaknesses found in the code can be confirmed against the running system. The advantage of these penetration tests is that both the system and its environment are investigated.