Craft Designs, Inc Software Application Security Assurance 

Software products developed by Craft Designs, Inc (CDI) not only provide exceptional quality and safety but also adhere to meticulous software security processes and procedures. CDI has woven vulnerability management and maintenance into its Waterfall Software Development Lifecycle in order to identify and resolve the new vulnerabilities that arise on a daily basis as technology advances. CDI's Software Security Process generates requirements-based security implementation, threat modeling, and risk assessment.

Security Requirements and Testing

CDI's requirements-based security implementation, generated by its Software Security Process, includes the generation of specific security requirements, software design review and analysis, and advanced testing. Standard vulnerabilities are identified at the beginning of a product's development lifecycle. As the product's development progresses, manual scans, as well as automated scans for undetected vulnerabilities, are run on the developed code. Testing consists of the Defense Information Systems Agency (DISA) Gold Master Baseline scan for Windows XP and Vista, static code analysis tools for vulnerability assessment, Information Assurance Vulnerability Alert (IAVA) scans, and fuzz testing, which floods the inputs of the built, pre-release application with randomly generated values in an effort to cause it to crash.

Risk Assessment

For each product developed by CDI, a software risk assessment is built on a threat model generated by software design review and analysis. A software risk assessment allows CDI to evaluate risks qualitatively and quantitatively in order to determine the most secure, yet cost-effective, mitigation solution for vulnerability remediation.

US Army Network Enterprise Technology Command (NETCOM)

CDI's Software Development Lifecycle is capped off by obtaining a US Army Certificate of Networthiness (CoN). 

With the implementation of CDI's Software Security Process and the integrity the process provides, CDI's software products are delivered on time, within budget, and with high levels of confidence that the product is safe, secure, and sustainable.