Security Assurance

Our skilled security testers have a standard toolbox of best-of-breed utilities and techniques to gain insights into target systems.

Combining these automated tools with years of experience across cross-domain security disciplines and practical manual methodologies allows us to provide real, tangible and usable information to secure your systems.

Our methodology for performing technical security assessments draws elements from a number of published best-of-breed methodologies, including OWASP, OSSTMM, NIST, NSA, PTEST and ISSAF.

We are able to introduce more consistent, measurable and repeatable testing approaches, such as the OWASP Application Security Verification Standard (ASVS), and implement security testing in your build process with our Continuous Security Integration (CSI) services, introducing shift-left testing for security.

Services include:

  • Penetration Testing
  • Vulnerability Assessments
  • Dynamic code analysis
  • Static code analysis
  • Implementation of Secure Systems Development Lifecycle processes (SSDLC)
  • Embedding security testing as part of your build processes in an automated and repeatable fashion

Security Development Lifecycle

Customers demand secure, compliant software and, like the end product itself, a software development method must be secure by design, secure by default and secure by deployment. Agility is good, and speed to market is paramount, but customers need to protect their intellectual property, brand and customer data.

Given the evolution and sometimes hybrid combinations of waterfall, agile and ad-hoc development, the challenge is to ensure that security is built into the software development lifecycle across all lines of business in a consistent, adoptable and repeatable way. Zimbani’s people have cumulative decades of experience developing enterprise security software for leading organisations. As software development technology has changed, so has the threat landscape, and we’ve been there through it all.

Bringing together world-class security expertise from architecture, security, engineering and operations, Zimbani will help ensure your software and software development processes are secure, compliant and adaptable to ever-changing threats.

3rd Party Assurance

We help to ensure that your business partners and service providers complement rather than degrade your technology and business environment.

We are able to do one-off and recurring assessments or, if you prefer, embed the processes and methodologies within your organisation.

Compliance when engaging external providers for products and services requires due diligence to ensure you are protected financially and legally, and assets are not susceptible to threats beyond your control.

Companies must have complete visibility of whom they are conducting business with, both prior to and during engagements.

Principles include:

  • Review of your partners' independent security assessments, audits and certifications
  • On-site and Data Centre reviews
  • Design, technology & process review
  • Baseline your partners and providers against your key compliance drivers such as PCI DSS, COBIT and ISO27001
  • Bolster your Cloud adoption through robust Cloud governance process development and control assessment

Zimbani Third Party Compliance Framework