Application Security
Security is critical to nearly every application we develop or review. Whether it is simply hooking up to a back-end LDAP server for authentication, configuring SSL across a farm of servers, or conducting full-on penetration testing to assess the security of a Web application, we build security into our plans from the ground up.
Chariot's architects have designed and implemented security systems for:
- Lottery ticket purchases where winning numbers should not be transferable even by DBAs and system administrators
- Software as a Service (SaaS) applications holding critical financial data for businesses large and small
- e-Commerce sites managing credit card data, and billing systems managing customer names, addresses and social security numbers
- Community and financial sites using single sign-on across multiple applications
- Secure integration platforms connecting multiple business partners
- Public-facing Internet sites that simply do not want to fall victim to SQL Injection or Cross-Site Scripting attacks
Our approach to security begins by identifying a system's assets, threat model, and pertinent regulations. We develop specific goals and test plans to measure and quantify the system's security and identify any vulnerabilities. Then we work with our clients to prioritize and remediate any issues, and we train and mentor on secure development practices to maintain a high standard down the road. From automatically cleansing test data to detecting common Web vulnerabilities as part of a continuous integration environment, we put the tools in place to keep systems secure moving forward.
