Cyber Security Strategy and IT Security Governance
- Information and Cyber Security Strategy
- IT Security Governance
- Information Security Management System
- Vendor security risk assurance
Standards and Regulatory Compliance
- ISO 27001 Compliance Readiness
- PCI DSS Compliance Readiness
- Gap Analysis
- Policy and procedure development
Privacy and Data Protection
- Data Privacy Strategy and Policies
- Personal and corporate data protection
- Data Classification
- Data Loss Prevention
Identity and Access Management
- Access Security
- Authorization
- Authentication
- User management and identity lifecycle
Infrastructure and Operations Security
- Information Technology Security Architecture
- Technology and product selection and evaluation
- Product and process alignment and integration
- Managed Security Services
Security Assessment and Threat Management
- Network and application security assessment
- Penetration Testing and Social Engineering
- Stress and load testing
- Vulnerability and Patch Management
Incident Response and Forensic Investigation
- Computer Security Incident Response Program (CSIRT)
- Cyber Incident Legal Advice
- Cyber Crime Scene and Forensic Investigation
- Cyber Resilience
Security Awareness Program and Trainings
- Security Awareness Program
- Security Fundamentals Trainings
- CISO and CSO coaching
- C-level and Executive Cyber Security Awareness
Source Code Analysis
How much do you trust the software you use?
Nowadays due to the widespread use of mobile devices and internet, software development has increased. For this reason, in these days software security is becoming much more important. Source code analysis needs to be integrated with the Software Development Lifecycle (SDCL) in order to ensure the software security in your company, meet compliance requirements focusing on the right target, create a continuous control environment, ensure the software has the proper safety features and assure the software development process to be performed at the expected level.
We, PwC Risk Assurance Services, as information technology risk experts, can help you in the following ways:
- Assess your Software Development Lifecycle (SDLC) and identify improvement areas
- Review your source codes with static code analysis and identify threat and vulnerabilities
- Implement and configure the static code analysis tool and organize the control environment with the integration of the tool within your Software Development Lifecycle (SDLC)
- Static code analysis on different platforms (Windows, Android, IOS, Linux etc.) without the need of different system
- Analyze projects that not compiled / completed (Continuous Integration)
- With the incremental scan capability only the changed files and files that affect these files (previous and next three) analyzed without the need of analyzing whole project which optimize the analyze periods.
- With the object oriented script language security queries can be easily customized
- Static analysis tool that is going to used supports more security vulnerabilities. (SQL Injection, HTTP Splitting, Unreleased Resources, Cross-Site Scripting, Log Forgery, Invalidated Input, Code Injection, DoS, URL Redirection Attack, Buffer Overflow, Session Fixation, Dangerous Files Upload, Parameter Tampering, Session Poisoning, Hardcoded Password, Cross-Site Request Forgery, Unhandled Exceptions etc.)
