The use of terms “Cyber Security” normally refers to the practices used for protecting system, networks and programs from digital attacks, usually from:
- accessing, modifying or destroying sensitive information
- stealing funds from users
- interrupting normal companies business practices
Information security is certainly one of the areas where companies are heavily investing, especially concerning data related to the business and of their clients. In most cases security il limited to erecting barriers from external access with the use of anti-intrusion solutions which can guaranty almost 100% from unauthorized accesses.
However, companies are loading their client’s applications and portals on the web, thus potentially opening doors and thereby exposing applications in areas where there have not yet been developed any secured techniques, such as data and code injection.
With the use of the RES Docet/EV program, companies are able to raise the level of protection and security, even in cases where the level of security is already high. Docet/EV provides a detailed analysis of the source code designed to discover the use of:
- third party libraries, software and API which are considered “non-secure”;
- the use of programming techniques or specific instructions which are potentially dangerous and vulnerable.
SOLUTIONS
Docet/EV
Allows to bring up all of the software objects at a “Enterprise” level and “Cross-System”:
- QA assessment and measuring of the code in order to guarantee secure deployment with respect to best programming practices; also guaranteeing high level and optimum performance while at the same time supplying the tools for evaluating the dimensions, the quality and the associated cost of the applications;
- QA and code measurement to ensure safe deployment in compliance with programming best practices, ensuring optimal quality and performance while providing the tools to assess the size, quality and “technical debt” of applications;
- Software and Hardware documentation and cross-reference in order to have a quick analysis of any static code and of the infrastructure;
- Distribution and sharing of know-how.
