Security Testing

Our skilled security testers have a standard toolbox of best-of-breed utilities and techniques to gain insights into target systems. Combining these automated tools with manual techniques, grounded in years of experience across cross-domain security disciplines and practical methodologies, allows us to provide real, tangible and usable information to secure your systems.

Our methodology for performing technical security assessments draws elements from a number of published ‘best of breed’ methodologies, including OWASP, OSSTMM, NIST, NSA, PTEST and ISSAF.

Services include:

  • Penetration Testing
  • Vulnerability Assessments
  • Dynamic code analysis
  • Static code analysis
  • Implementation of Secure Systems Development Lifecycle processes (SSDLC)

 

Security Development Lifecycle

Customers demand secure and compliant software and, like the end product itself, a software development method must be secure by design, secure by default, and secure by deployment. Agility is good, and speed to market is paramount, but customers need to protect their intellectual property, brand and customer data.

Given the evolution, and sometimes hybrid combinations, of waterfall, agile and ad-hoc development, the challenge is to ensure that security is built into the software development lifecycle across all lines of business in a consistent, adoptable and repeatable way. Zimbani’s people have cumulative decades of experience developing enterprise security software for leading organisations. As software development technology has changed, so has the threat landscape, and we've been there through it all.

Bringing together world-class security expertise from architecture, security, engineering and operations, Zimbani will help ensure your software and software development processes are secure, compliant and adaptable to ever-changing threats.

 

3rd Party Compliance

We help to ensure that your business partners and service providers complement, and do not degrade, your technology and business environment. We are able to do one-off and recurring assessments or, if you prefer, embed the processes and methodologies internally in your organisation.

Compliance when engaging external providers for products and services requires due diligence to ensure you are protected financially and legally, and that assets are not susceptible to threats beyond your control. Companies must have complete visibility of whom they are conducting business with, both prior to and during engagements.

Principles Include:

  • Review of independent security assessments, audits and certifications of your partners
  • Data centre onsite assessments
  • Design, technology and process reviews
  • Baselining your partners/providers against your key compliance drivers such as PCI DSS, COBIT and ISO27001.