Data Center Consultancy & Power Management

Helps you build a power system that delivers the reliable, high-quality power your data center needs.

Data Security products

Makes it simple to solve today’s and future security and compliance concerns by defending data in databases.

Physical Security

Security measures designed to deny unauthorized access to anything, in order to protect personnel and property from damage or harm.

Server & Storage Solutions

Powerful, affordable network engines with the reliability to back up, protect and consolidate important data.

Analysis and Security Requirements Phase

Building truly secure software should start in the initial planning phases of the project, with security requirements treated as a main part of the project requirements. We can support the following:
- Help Systems Analysts to identify security and privacy requirements. 
- Review the project plan, make recommendations, and possibly set additional project requirements from a security perspective.
- Mandate the usage of a bug tracking/security job assignment system. 
- Define security and privacy bug bars. 

 

Design Phase

Security and privacy design specifications should describe in detail how to implement these features and how to implement all functionality as secure features. In this phase we define and document the security architecture and identify security-critical components for the network structure, operating system, web and database servers, and the developed software project.
- Identify and plan the implementation of design techniques (layering, managed code, attack surface minimization, least privilege, etc.).
- Define the attack surface and limit it through default settings.
- Build a threat model for the design based on anticipated risks:

  • Systematic review of product architecture and features from a security point of view.
  • Identify threats and solutions.

- Identify custom criteria due to unique project security issues.
 

Development Phase

Integration of our supported security tools (Parasoft application security monitoring tools – see www.parasoft.com) with the development and testing environment to ensure secure deployment and operation later. The following steps are carried out during this phase:
- Static source code analysis and review: 

  • Facilitates regulatory compliance.
  • Ensures that the code meets uniform expectations around security, reliability, performance, and maintainability.
  • Eliminates entire classes of programming errors by establishing preventive coding conventions.


 

 

- Data flow static analysis; Detects complex runtime errors related to resource leaks, Null Reference Exceptions, SQL injections, and other known security vulnerabilities 

 

- Metrics analysis; Identifies complex code, which is historically more error-prone and difficult to maintain 
- Peer code review process automation; Automates and manages the peer code review workflow, including preparation, notification, and tracking, and reduces overhead by enabling remote code review on the desktop.
- Unit test generation and execution; Enables the team to start verifying reliability and functionality before the complete system is ready, reducing the length and cost of downstream processes such as debugging 
- Automated regression testing; Generates and executes regression test cases to detect if incremental code changes break existing functionality or impact application behavior 
- Coverage analysis; Assesses test suite efficacy and completeness using a multi-metric test coverage analyzer; this helps demonstrate compliance with test and validation requirements such as FDA 
- Team deployment and workflow; Establishes a sustainable process that ensures software verification tasks are ingrained into the team's existing workflow and automated so team members can focus on tasks that truly require human intelligence. 
- Error assignment and distribution; Facilitates error review and correction; each issue detected is prioritized, assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code. 
- Centralized reporting; Ensures real-time visibility into quality status and processes; This helps managers assess and document trends, as well as determine if additional actions are needed for regulatory compliance. 

 

Note:

Star-ware can perform the above-mentioned tasks on a consulting basis instead of deploying tools permanently. The customer should advise which model will suit his needs.

SECURITY & QUALITY TESTING SCOPE OF WORK: ORIGINAL PROPOSAL

The full-lifecycle quality platform ensures secure, reliable, compliant business processes. It was built from the ground up to prevent errors involving the integrated components and to reduce the complexity of testing in today's distributed, heterogeneous environments.
 

End-to-end testing

Continuously validates all critical aspects of complex transactions which may extend through web interfaces, backend services, ESBs, databases, and everything in between 
 

Advanced web app testing

Guides the team in developing robust, noiseless regression tests for rich and highly-dynamic browser-based applications 
 

Application behavior virtualization

Automatically emulates the behavior of services, and then deploys them across multiple environments—streamlining collaborative development and testing activities. Services can be emulated from functional tests or actual runtime environment data


Load/performance testing

Verifies application performance and functionality under heavy load; Existing end-to-end functional tests are leveraged for load testing, removing the barrier to comprehensive and continuous performance monitoring 
 

Specialized platform support

Accesses and executes tests against a variety of platforms (AmberPoint, HP, IBM, Microsoft, Oracle/BEA, Progress Sonic, Software AG/webMethods, TIBCO) 
 

Security testing

Prevents security vulnerabilities through penetration testing and execution of complex authentication, encryption, and access control test scenarios 
 

Trace code execution

Provides seamless integration between SOA layers by identifying, isolating, and replaying actions in a multi-layered system 
 

Continuous regression testing

Validates that business processes continuously meet expectations across multiple layers of heterogeneous systems; this reduces the risk of change and enables rapid and agile responses to business demands. 
 

Multi-layer verification

Ensures that all aspects of the application meet uniform expectations around security, reliability, performance, and maintainability 
 

Policy enforcement

Provides governance and policy validation for composite applications in BPM, SOA, and cloud environments to ensure interoperability and consistency across all SOA layers.
 

Operations and Application Security After Launch

- Plan and design an application auditing platform to be used after the launch phase to measure and track security parameters.
- Define the security parameters and their related data, and how to log and maintain such entries.
- Integrate the logging/triggering module (following security best practice) into the developed software project.
- Plan the development of the secure monitoring and management interface.
- Plan the implementation of the related alerting system for critical or specified activities or application actions.
- Train the operators in best practices and optimum usage of the auditing and monitoring platform.
