Intopalo Security Assessment

Taking security to the next level
Security is a crucial enabler that you must have if you want to maintain a competitive edge using innovation and modern software technologies. Intopalo Security Assessment is a business-driven security assessment service for product companies.

  • It’s the right tool for taking the security of your software-powered system to the next level.
  • It works equally well for improving existing systems and for ensuring that new systems start off on the right track.
  • It’s 100% business-driven as it is completely based on your business need.
  • It’s 100% practical. Based on the secure software engineering practices that we use in our software product development services, Intopalo Security Assessment is done by specialists whose primary goal is to deliver great software-powered products with built-in security.

With Intopalo Security Assessment, you can push your security concerns off the table and tap into software innovation.

MARS AND THREAT MODELING

Intopalo Security Assessment starts with a MARS workshop for making sure that we address the right questions for your business. MARS is a manuscript that condenses the essential starting points for business-driven security assessment, so work can start without wasting any time or money. MARS is a mnemonic that stands for Motivation, Assets, Raiders and Setbacks. Read more about MARS.

The MARS phase is followed by threat modeling based on analyzing the system architecture. We use STRIDE, a threat modeling technique that is widely used in the industry, to identify security threats of the system. Read more about threat modeling. If there is existing source code, then the threat modeling step can include code review for the identified critical sections. The configuration of software deployment and network security policies can also be reviewed.

VULNERABILITY ANALYSIS

If you have an existing system, vulnerability analysis can be included as a part of Intopalo Security Assessment. Here are a few typical examples of vulnerability analysis that we perform.

  • Operating system level vulnerability scanning can effectively identify components that have known vulnerabilities or that have been incorrectly configured.
  • Web application level scanning reveals known software errors at the application level. The third-party dependencies in use can also be enumerated to find known vulnerabilities.
  • The SSL/TLS configuration can be scanned to make sure that you are applying a secure configuration.

ASSESSING WHERE YOU ARE ON SECURE SOFTWARE ENGINEERING

The return on security investments made in the early phases of development is high. For your ongoing development, it makes good business sense to build in security by applying secure software engineering practices. A self-assessment of secure software engineering practices — where your development team is in terms of the maturity of its secure software development — can be included in Intopalo Security Assessment.

SECURITY MARKETING MESSAGE

If you want to take security to the next level using Intopalo Security Assessment, you should also make sure that it is visible to your customers. Maintaining customer loyalty and brand is often a part of the security business case. This goal is realized only if customers find out about the security investments through a credible security marketing message. Forming the security marketing message can be a part of the Intopalo Security Assessment service.

ACTIONABLE RESULTS

The final workshop in the Intopalo Security Assessment presents the results, improvements and findings in a prioritized format. You will have a backlog that is easily actionable and aligned with your business goals.

CASE EXAMPLE: INTOPALO SECURITY ASSESSMENT FOR HAPPYORNOT

A security assessment was performed as a part of Intopalo’s security collaboration with HappyOrNot. Read more about the collaboration.

Henry Haverinen
Security services +358 50 594 4899 henry.haverinen-obfuscate@intopalo.com