Code of security: Analysis of security of software

2018: Start of services "Analysis of security of software"

The Code of Security company announced on October 29, 2018 expansion of the list of professional services and opening of the direction of services "The analysis of security of software". Interest in this type of activity is dictated by its high market dynamics and also the growing demand of customers, explained in the company. On carrying out penetration tests the selected team of specialists of the company in Penza will be engaged in project implementation.

The direction of the analysis of security of software regarding vulnerabilities is in stable demand both for government institutions, and for the commercial sector. Attraction to audit of information and telecommunication infrastructure and the software of ethic hackers ("white hats") allows customers to support the necessary level of security due to timely identification and neutralization of key risks of information security.

Demand for security audit is dictated also by new initiatives of regulators. So, within the Digital Economy program it is supposed to select about 800 million rubles for ensuring carrying out penetration tests. Also regulation of the financial industry regarding cybersecurity amplifies. In the summer of 2018 amendments were made to provision of the Central Bank 382-P: according to the document, credit institutions it is necessary to hold annually testing for penetration, and every two years to perform external complex audit of cyber security.

According to "The code of security", the following types of service will be available to customers of ethic hackers:

• complex information security audit (information security audit)
• testing for penetration (penetration testing):
  • information and telecommunication systems
  • web applications and Internet services
  • hardware-software solutions

• analysis of security of the software (software security analysis):
  • from drivers to applications for platforms Mac Linux, Windows
  • mobile applications of Android, iOS
  • built-in (embedded) of the software

• investigation of incidents in the field of information security (cyber security forensics)
• consulting in the field of information security.

As a result of execution of works on any of the directions the customer receives not just the report, and complete understanding of level of security of the IT infrastructure and practical recommendations about protection against the possible hacker attack.

In "The code of security" highly skilled experts work, and development process in the company conforms to requirements of GOST: within lifecycle of each product the procedures directed to detection of vulnerabilities and their timely elimination are carried out. So we have necessary examination fully. For development of employee competences regarding the analysis of security and also for deepening of our knowledge regarding vectors and models of the new attacks we made the decision on creation of the selected division which will be engaged in the analysis of security. It will also give us the chance to improve our products, to make them safer — Dmitry Zryachikh, the technical director of the company "The code of security" told.

Within the first year the main efforts of ethic hackers will be concentrated on team development, strengthening and expansion of a range of competences and also on establishment of business connections with partners and clients, expansion of a portfolio of the implemented projects. As of October, 2018, a number of projects in the directions of the analysis of security of network infrastructures, mobile applications, web solutions, network equipment and hardware and software systems is executed. Projects were executed as for the benefit of divisions of "The code of security", and for external commercial customers.