In the making: security framework for compliant applicationsPublished on: Author: Shivash Mahespalsingh Category: News
At Qualogy Caribbean, we have been developing a security framework for our customers since May, 2019. I am involved as a software engineer. An interesting challenge! What is it and what does it bring us? I would like to tell you more.
With the security framework, web applications will be researched. This will happen with a penetration test: testing for vulnerabilities. These vulnerabilities are actually used to “break into” the applications.
10 biggest security risks
For the framework’s development, we used the ‘OWASP top 10’ as a guideline. This is a list with the 10 biggest security risks. Think about faulty protection of sensitive (personal) information, no authorization checks, configuration mistakes and insufficient logging and monitoring.
I’m currently building a prototype. Every day, new security vulnerabilities are found. It is a big challenge to overcome them all.
Complying to international security standards
With this security framework, Qualogy wants to offer customers the full package: analysis, project management, building, testing and maintaining the application. And now also testing security. The biggest advantage is that our customers get applications that comply to international security standards. They don’t have to worry anymore about the compliancy of their applications.
Framework for everyone
Qualogy Caribbean is going to offer the security framework as a standard service to organizations in different branches. Tailor-made solutions are of course also possible. We can adjust the technical aspects to the customer’s demands and wishes. Everyone can knock on our door: whether the companies have web applications built by us or not.
Market leader with this product
We can probably offer the security framework to our customers within a year. I have high expectations. With this product, I think Qualogy Caribbean will become the market leader in the Caribbean. And we will play an important part, especially in Suriname, in making companies more aware about software security.