Implementation phase

Why is implementation important for software security?

Implementation is when lofty design goals are finally put to the test. Even if your designers did their best to design a bullet-proof application, all it takes is one exploitable software bug to give attackers a foothold from which to compromise the entire system.

You may have heard about Stuxnet, Duqu and Flame – advanced malware designed to destroy factory machinery, spy on high-value targets, and serve as an undetectable attack platform. The Sony PlayStation Network with millions of users was compromised in 2011, and a large amount of confidential user data was lost. In each of these cases, ordinary programming mistakes in the software gave hackers a starting point to launch their attacks.

How can I mitigate vulnerabilities during implementation?

Building security into implementation starts with the most important part of the process - your developers. If they know how to protect their code against typical vulnerabilities such as SQL injection and buffer overflows, they will make it significantly harder for hackers to attack your system.

Code reviews are another way of finding bugs, but trying to review a large codebase can quickly spiral out of control. Static code analysis tools can help, but they cannot find every bug, and they typically generate many false positives. Adhering to a secure coding methodology provides additional protection – if you can enforce it.

How can SEARCH-LAB help?

We have been helping companies secure their code for a long time. We can help you find vulnerabilities during development – instead of waiting for hackers to do the same after release. We use a hybrid source code review process that finds critical implementation bugs by combining manual techniques such as taint analysis with code analysis tools that keep the review space manageable. It is the best of both worlds.

We also have significant expertise in teaching secure development techniques – our training sessions include plenty of hacking exercises that make them much easier to understand, not to mention fun!