Cognizant - Passion for building stronger businesses   
 
  Application Security Industrialization
Information Security & Privacy
Safety Zone - Protecting your assets
 
The Security Practice in Cognizant pioneers the concept of Security Industrialization, a process that helps align the Software Development Lifecycle with the latest security standards, guidelines and principles. The process involves modifying the software development processes by integrating measures that lead to improved software security. The intention of these modifications is not to overhaul the process entirely, but rather to add well-defined security checkpoints and security deliverables.
 
The Industrialization process combines tool-based and manual approaches applied by the consultants in the Security Practice. Cognizant uses best-of-breed, industry-standard solutions (commercial, open source and home-grown) in the Security Industrialization process. The security activities that Cognizant integrates into the different phases of the SDLC are:
 
Requirements Phase:
  • Consider how security will be integrated into the development process, identify key security objectives, and otherwise maximize software security while minimizing disruption to plans and schedules.
  • Identify security milestones and exit criteria that will be required based on project size, complexity, and risk.
 
Architecture & Design Phase:
The design phase identifies the overall requirements and structure for the software. From a security perspective, the key elements of the design phase are:
  • Provide security design guidelines
  • Security architecture and design review
  • Conduct threat modeling
 
Development:
Cognizant has built up a set of secure coding guidelines to be followed during application development. These guidelines are aligned with industry standards such as OWASP and make the code stronger and more secure.
 
Testing and Deployment:
  • Tool-based and manual application security testing
  • Source Code Examination
  • Access Control Testing
  • Secure application deployment
 

Cognizant is also a gold member of ISECOM (Institute for Security and Open Methodologies), which has formulated the OSSTMM (Open Source Security Testing Methodology Manual). Cognizant relies on the OWASP Methodology and reviews every phase of the ADLC, keeping the OWASP Top Ten Vulnerability Categories as a basic guideline.

 
With a strong background in security principles and methodologies, the Security Practice has performed Security Industrialization engagements for a wide variety of clients. As further proof, the Industrialization process has been successfully integrated as a part of all application development projects at Cognizant.
Cognizant provides a comprehensive approach to security based on best practices