Security

Coriolis maintains a specialized security practice. Here's how we can help.

Consulting on Engineering Best Practices

We provide expert consulting for organizations developing and customizing software, or even just maintaining an online presence.

Developer Training

Sensitizing developers and test engineers to security issues, so that these issues are considered throughout the development life cycle.

Audit Processes

Audit of software development and QA practices, source code handling, bug tracking systems, vulnerability management.

Process Improvement

Suggesting and implementing specific tools for assessing and reporting the security quality of software developed in-house before deployment.

Suggesting steps for due diligence and specific obligations to impose on vendors when off-the-shelf or customized software is acquired and deployed.

Development of Security Products

Kernel components on UNIX and Windows

We have built storage filter drivers for tracking changes to sensitive files, network filter drivers for attack detection and prevention, address space layout randomization and other security features which require a deep knowledge of OS internals and the threat landscape.

Our engineers have contributed significantly to the development of security solutions used by the Fortune 25.

Securing data, communications and APIs

Many application scenarios involve a mobile client - a browser or a native app - talking to a service in the cloud and transmitting sensitive personal data. This calls for enhanced security measures at every point in the application stack. We have considerable experience in encryption at rest, key management, and securing APIs used to access online resources.

Independent Security Evaluation

We review the security of SaaS solutions from the perspectives of an insider threat as well as a malicious attacker from the outside.

Deployment security

Assessing the security of deployed servers and the updating and patching of software on them, and setting up a regular scan of the deployed servers for ongoing auditing of information security status.

Access control and separation

Separation of privileges for insider access to various server components and the data contained therein, separation of user data, assessing the secure storage of secrets pertaining to users as well as across user groups, suggestions for changes in architecture and deployment to ensure data access control.

Software audit

Source code audit to identify insecure practices and potential vulnerabilities in open source and client-developed software. Security audit of deployed software for which the source code is not available.

Penetration Testing

Specific attacks using well-known vectors such as those in the OWASP Top 10 and CWE Top 25, carried out with appropriate tools and ad hoc techniques.

Pre-Sales Support

As part of pre-sales activities, the end user may require specific assurances regarding the security preparedness of, or risk associated with, a solution.

For customers who have used our services to conduct an independent security evaluation of their products and services, we can provide an opinion and a report on the software's security quality, to the best of our judgment.