Ensure security by updates, refactoring and monitoring
Security is a constantly evolving goal that requires continuous adaptation
● All the technologies used need to be catalogued, together with their inter-dependencies: programming languages, server services, software versions. OPTI can create a technology manual for your business.
● When official security releases are published, upgrades should be planned as soon as possible, for both hardware and software, resolving the dependencies so that normal functioning is not affected.
● In case of urgent security bugs, pro-active preventive steps may be taken: access reduction, access filtering, working on a data snapshot.
● When security updates conflict with normal functioning, refactoring and code updates need to be implemented.
The case for code refactoring
● In a fast-changing technology landscape, organizations depend on multi-year-old software using technologies which may become deprecated.
● OPTI specializes in working with legacy code. We identify the vulnerable portions of the legacy technology so that minimal replacements restore security, or we refactor the code to the latest versions, rewriting the software to make it secure.
● For example, we have managed upgrades from PHP version 4 or 5 to 8, Python 2 to Python 3 and so on. We can also rewrite server-side PHP code to JavaScript for NodeJS.
Security is cheap
● It is faster and easier to integrate with new technologies.
● Decreases maintenance cost, since official security updates can be managed in-house until close to deprecation.
● Decreases man-hour cost, since junior software developers are available for current technologies, while legacy versions are mastered only by senior developers.
Code refactoring
Legacy version upgrade (ex: PHP 5 to 8)
Migrating to NodeJS
Automatic code updates
Quick system restore
Technology manuals
Software audit
To ensure the security of software developed in an organization, the final step after coding and testing is the security audit. First, the code is checked for vulnerabilities remaining after the coding process, including known vulnerabilities in the language or libraries used. Secondly, the software may be subjected to a stress test that attempts to gain unauthorized access.
We independently review software products and processes and their compliance with initial specifications, globally accepted technical standards, and legal requirements. We check which parts of the application are no longer used and represent an inherent deprecation risk.
The results of the audit include both identified risks and recommendations.
Code review
Vulnerability report
Unit testing implementation
Tech stack inspection
Code speed recommendations
Stress testing
Permission systems and role-based access
Allow or deny users access to various parts of the application
Controlled access is a security technique for determining who can view or use various resources. The aim is to minimize the security risk posed by unauthorized access to confidential information.
We have successfully implemented RBAC (role-based access control) permission systems in various organizations and systems. RBAC restricts access to resources based on individuals or groups with clearly defined business functions (e.g. administrator, level 1 engineer, management). The role-based security model includes a structure of assignments, authorizations and permissions, built specifically to regulate users' access to the system.
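The following is an added illustration of the role-based model described above; it is not OPTI's code. Users are assigned roles, roles are mapped to permissions, and every check is deny-by-default: a user with no role, or with a role the system does not know, gets nothing. The three roles and the permission names are constructed for the example, and denials are recorded so that unexpected access attempts can be reviewed.

```python
"""Minimal role-based access control (RBAC) check with an audit trail.

Added example, not OPTI's code. Role and permission names are constructed
to mirror the business functions named in the text (administrator,
level 1 engineer, management).
"""
from dataclasses import dataclass, field

# Constructed role -> permission mapping. Permissions are named
# "<resource>:<action>" so that a grant is always explicit.
ROLE_PERMISSIONS = {
    "administrator": {
        "user:create", "user:delete",
        "ticket:read", "ticket:write",
        "report:read",
    },
    "level1_engineer": {"ticket:read", "ticket:write"},
    "management": {"ticket:read", "report:read"},
}

# Every denied check is appended here so that reviewers can see who tried
# to reach what; a real system would write this to a protected log.
AUDIT_LOG = []


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


class PermissionDenied(Exception):
    """Raised when a user lacks the permission required for an action."""


def permissions_for(user):
    """Union of the permissions of all roles held by the user.

    A role that is not in ROLE_PERMISSIONS grants nothing, so a typo or a
    stale role assignment fails closed rather than open.
    """
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def is_allowed(user, permission):
    """Deny-by-default check: True only if some role grants the permission."""
    return permission in permissions_for(user)


def require(user, permission):
    """Enforce a permission, recording every denial in AUDIT_LOG."""
    if is_allowed(user, permission):
        return True
    AUDIT_LOG.append(
        {"user": user.name, "roles": sorted(user.roles), "denied": permission}
    )
    raise PermissionDenied(f"{user.name} may not {permission}")


def denied_count():
    """Number of denials recorded so far (useful for monitoring)."""
    return len(AUDIT_LOG)


if __name__ == "__main__":
    admin = User("ann", {"administrator"})
    engineer = User("bob", {"level1_engineer"})
    guest = User("eve")  # no role assigned

    require(admin, "user:delete")          # allowed
    require(engineer, "ticket:write")      # allowed
    try:
        require(guest, "ticket:read")      # denied and logged
    except PermissionDenied as exc:
        print(exc)
    print("denials recorded:", denied_count())
```

A user holding several roles receives the union of their permissions, which is why the granting side should stay small and explicit; removing a permission from a role immediately removes it from every user with that role, without touching user records.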
RBAC systems
Multi-role CMS
Domain-specific access
GDPR Personal Data Management
● Cookie management with a mandatory distinction between marketing and third-party cookies.
● Registration, re-registration and updating of data with double confirmation.
● Deletion of data on request, with double confirmation.
● Deletion at automatic intervals, depending on legal requirements and the minimum retention time required by business processes.
● Access to your own data through secure downloads.
● Data transfer between companies according to the agreement of the data holder.
● Secure data archiving and archive restoration.
Data cataloguing
Manual of procedures
Scheduled data review
Preferential data access
Data archive & restoration
Data breach detection