Architecture & Design Review

Secure Software Begins with Robust Design

Conducting an architecture and design review will uncover vulnerabilities and provide detailed recommendations for building, improving, or re-engineering your design. Since most vulnerabilities are introduced during the design phase it is paramount to remediate problems before they have a negative cascading effect during coding and release. If the design is flawed, even defensive coding won’t hide weaknesses and waiting to find vulnerabilities later in the process wastes both time and money.

Leveraging the industry-leading STRIDE and DREAD threat management methodologies we co-created, our team casts a critical eye over the security of an application's complete deployment structure. We identify weaknesses in requirements and architecture by analyzing common and platform-specific vulnerabilities. At the end of the review, we document our analysis and recommendations, ensuring the impact and risk of each recommendation is clearly understood in a manner that you can use to quickly eliminate or mitigate the threats.

Our Three-Step Design Review Methodology

Here at Security Innovation, our experts use a three-step methodology to analyze your application's design and structure to keep you on track for a timely deployment.

Identify High Risk Areas. Our experts identify the application's attack surface and various entry points to determine the associated threats with each one.
Identify flaws and damage potential. This phase will identify flaws and weaknesses in design components (i.e. communication protocols, database choices, application server configurations, etc.) We then devise recommendations on how to architect, build, or deploy the application more securely and documenting trade-offs for each recommendation. Each change may address multiple threats.
Deliver concise security recommendations. Once we know where your architectural weaknesses are, we gather additional information to help you understand how to address each threat. Since all threats do not need to be mitigated, we take into consideration (where possible) your environment and objectives, to provide actionable and substantive change.