Ensure security by updates, refactoring and monitoring

Security is a constantly evolving goal that requires continuous adaptation

●  All the technologies used need to be catalogued, together with their inter-dependencies: programming languages, server services, software versions. OPTI can create a technology manual for your business.

●  When official security releases are published, upgrades of both hardware and software should be planned as soon as possible, resolving dependencies so that normal functioning is not affected.

●  In case of urgent security bugs, proactive preventive steps may be taken: access reduction, access filtering, working on a data snapshot.

●  When security updates conflict with normal functioning, refactoring and code updates need to be implemented.

The case for code refactoring

●  In a fast-changing technology landscape, organizations depend on multi-year-old software using technologies which may become deprecated.

●  OPTI specializes in working with legacy code. We identify the vulnerable portions of the legacy technology so that minimal replacements ensure security, or we refactor the code to the latest versions, rewriting the software to make it secure.

●  For example, we managed upgrades from PHP version 4 or 5 to 8, Python 2 to Python 3 and so on. We can also rewrite server-side PHP code to JavaScript for NodeJS.

Security is cheap

●  Is faster and easier to integrate with new technologies

●  Decreases maintenance cost since official security updates can be managed in-house, until close to deprecation.

●  Decreases man-hour cost, since junior software developers are available for hot new technologies, while legacy versions are mastered by senior developers.

Highlights

  Code refactoring

  Legacy version upgrade (ex: PHP 5 to 8)

  Migrating to NodeJS

  Automatic code updates

  Quick system restore

  Technology manuals

Software audit

To ensure the security of software developed in an organization, the final step after coding and testing is the security audit. First, the vulnerabilities remaining after the coding process are checked, including known vulnerabilities in the language or libraries used. Second, the software may be subjected to a stress test that attempts to gain unauthorized access.

We independently review software products and processes and their compliance with initial specifications, globally accepted technical standards, and legal requirements. We check which parts of the application are no longer used and represent an inherent deprecation risk.

The results of the audit include both identified risks and recommendations.

 

Highlights

  Code review

  Vulnerability report

  Unit testing implementation

  Tech stack inspection

  Code speed recommendations

  Stress testing


Permission systems and role-based access

Allow or deny users access to various parts of the application

Controlled access is a security technique for determining who can view or use various resources. The aim is to minimize the security risk posed by unauthorized access to confidential information.

We have successfully implemented RBAC (role-based access control) permission systems in various organizations and systems. RBAC restricts access to resources based on individuals or groups with very clear business functions (e.g. administrator, level 1 engineer, management). The role-based security model includes a complex structure of assignments, authorizations and permissions, built specifically to regulate users' access to the system.

Highlights

  RBAC systems

  Multi-role CMS

  Domain-specific access

GDPR Personal Data Management

●  Cookie management with mandatory marketing-external distinction.

●  Registration, re-registration, updating of data with double confirmation

●  Deletion of data with double confirmation on request

●  Deletion at automatic intervals, depending on legal requirements and the minimum time required in business processes.

●  Access to your own data - secure downloads

●  Data transfer between companies according to the agreement of the holder

●  Secure data archiving and archive restoration.

 

Highlights

  Data cataloguing

  Manual of procedures

  Scheduled data review

  Preferential data access

  Data archive & restoration

  Data breach detection
