
SECURITY TESTING

building a fully secure foundation for success

WHY SECURITY TESTING?

Your customers need to feel that their data is secure in your hands. The news is regularly filled with stories about the latest cyber security breaches, and consumers worldwide are increasingly wary about the risks of sharing their personal information with apps and websites. To gain consumer trust, reduce your risk, and secure the reputation of your business, the security of your software must be prioritized within any development effort.

WHY DISTILLERY FOR SECURITY TESTING?

To make sure your company’s mobile application or website is built on a fully secure foundation, comprehensive security testing is crucial prior to product release. We use specialized assessment tools and penetration testing to find and address any vulnerabilities or weaknesses in your product’s network, system software, server-side code and technologies, and client-side technologies (e.g., browsers). We can also perform narrowly scoped security assessments to look at specific control or compliance issues. Our software developers receive regular security-focused training, keeping them up-to-date on the latest developments in cyber security and leading security testing solutions.

WHAT IS SECURITY TESTING?

The CIA triad – which focuses on confidentiality, integrity, and availability – is at the center of information security. Security testing is largely focused on making sure that these three central concepts are being upheld.

Security testing in the software development process involves manual inspections and reviews, threat modeling, code review, and penetration testing. Risk levels are based on the rating methodology of the Open Web Application Security Project (OWASP). In overview, the CIA triad focuses on:

  • Confidentiality: Is information available only to those who are authorized to access it? Precautions must be taken to ensure that information is not made available to individuals, organizations, or processes that are not authorized to access it. User IDs, passwords, data encryption, and security tokens are common methods used to protect data confidentiality.
  • Integrity: Is the information provided by the system correct? Are measures in place to protect the information from being modified by unauthorized parties? The integrity of the data must be maintained and assured over its full life cycle. Measures to protect data integrity include setting user access controls and file permissions, and maintaining strong version control to protect against unauthorized alteration of the data. Safeguards must also be in place to restore any affected data (e.g., backups).
  • Availability: Is the information readily available to authorized users when they need it? In order for the information to be readily available to authorized users, computing systems and security controls must be functioning correctly, and communication channels must have sufficient bandwidth to allow authorized users to access the data. When needed, repairs and upgrades should be made immediately. Safeguards (e.g., firewalls, proxy servers, disaster recovery plans) must be in place to prevent downtime due to malicious attacks.

SUPPORTING YOUR SUCCESS

DISTILLERY IS INTERNATIONAL

You need a global perspective to thrive in today’s global marketplace. We're based in Los Angeles, but our reach and experience are global. While our primary market is the USA, we work with companies around the world and in every time zone, from Los Angeles to Miami, London to Dubai. Our international experience enables us to bring a more diverse, globalized point of view to your project.

DISTILLERY IS FLEXIBLE

You could be a solo entrepreneur looking for help with creating a Proof of Concept, a fully funded startup launching your first product, or an enterprise in need of assistance with a new line of business app. Your project could be an office productivity application, a casual game, or an internal business tool. You may be looking to add engineering bandwidth to your own development efforts, or you may require a fully outsourced software development effort. No matter your situation or dream, we've got the flexibility to scale our team and our approach to fit your unique needs.

DISTILLERY IS TECHNICAL

You need a team that can work effectively within your existing technology framework. We're familiar with every major technical stack, from Swift and Objective-C on iOS, to Java on Android, to Node.js, Python, .NET, and PHP on the backend. We'll integrate smoothly with your team, adapt to your working style, and stay in touch with your preferred communication solution, whether that's Slack, Basecamp, JIRA, GitHub, or Asana.

DISTILLERY IS AGILE

We practice full Agile software development. More than just a buzzword, Agile ensures that we deliver the product you're expecting without surprises or delays. By building in small chunks and validating every step of the way, we ensure your experience is "plug and play," not "pay and pray." And we can deliver new features or modifications in days or weeks, instead of months.

DISTILLERY IS BEAUTIFUL

You not only want a product that works – you want a product that shines. At Distillery, we balance engineering with artistry. Our experienced designers work hand in hand with development to deliver stunning, production-ready assets on schedule and on budget.

DISTILLERY IS ACCOUNTABLE

Your success and satisfaction are the true measure of our success in serving you. We work with you to set expectations and hold ourselves accountable for meeting them. We monitor your satisfaction on several levels throughout the project, enabling ongoing improvement and timely issue identification and resolution.