Security and software quality


Refactoring

Ensure security by updates, refactoring and monitoring

Security is a constantly evolving goal which requires continuous adaptation.

●  All the technologies used need to be catalogued, together with their inter-dependencies: programming languages, server services, software versions. OPTI can create a technology manual for your business.

●  When official security releases are published, upgrades of both hardware and software should be planned as soon as possible, with dependencies resolved so that normal functioning is not affected.

●  In case of urgent security bugs, proactive preventive steps may be taken: access reduction, access filtering, working on a data snapshot.

●  When security updates conflict with normal functioning, refactoring and code updates need to be implemented.

The case for code refactoring

●  In a fast-changing technology landscape, organizations depend on multi-year-old software using technologies which may become deprecated.

●  OPTI specializes in working with legacy code. We either identify the vulnerable portions of the legacy technology so that minimal replacements ensure security, or refactor the code to the latest versions, rewriting the software to make it secure.

●  For example, we managed upgrades from PHP version 4 or 5 to 7, Python 2 to Python 3 and so on. We can also rewrite server-side PHP code to JavaScript for NodeJS.

Security is cheap

Secure, up to date software has economic advantages:

●  Is faster and easier to integrate with new technologies

●  Decreases maintenance cost, since official security updates can be managed in-house until close to deprecation.

●  Decreases man-hour cost, since junior software developers are available for hot new technologies, while legacy versions are mastered by senior developers.

Code refactoring
PHP 5 to 7 refactor
Migrating to NodeJS
Automatic code updates
Quick system restore
Technology manuals

Permission systems

Allow or deny users access to various parts of the application

Controlled access is a security technique for determining who can view or use various resources. The aim is to minimize the security risk posed by unauthorized access to confidential information.

We have successfully implemented RBAC (role-based access control) permission systems in various organizations and systems. RBAC restricts access to resources based on individuals or groups with very clear business functions (e.g. administrator, level 1 engineer, management). The role-based security model includes a complex structure of assignments, authorizations and permissions, built specifically to regulate users' access to the system.

RBAC systems
Multi-role CMS
Domain-specific access

Software audit

To ensure the security of software developed in an organization, the final step after coding and testing is the security audit. First, the vulnerabilities remaining after the coding process are checked, including known vulnerabilities in the language or libraries used. Second, the software may be subjected to a stress test that attempts to gain unauthorized access.

We independently review software products and processes and their compliance with initial specifications, globally accepted technical standards, and legal requirements.

We check which parts of the application are no longer used and represent an inherent deprecation risk.

The results of the audit include both identified risks and recommendations.

Code review
Vulnerability report
Unit testing implementation
Tech stack inspection
Code speed recommendations
Stress testing

Infrastructure audit

We perform independent examinations of the hardware infrastructure to determine its condition in accordance with the requirements of the organization.

We indicate cost-effective hardware upgrades.

We implement public, private or hybrid cloud services (AWS, Azure, GCloud or others).

Benefits of cloud services:

●  Scalability: because the provider supplies the entire infrastructure, there is no need for additional employees if the business is scaling.

●  Low costs: no investment in hardware infrastructure and maintenance personnel is required.

●  Increased flexibility: the organization can subscribe or unsubscribe at any time.

Server services audit
Stress testing
Comparing cloud services
Measuring scalability
Long-term cost planning
Vulnerability report

Meet us in Bucharest, Romania

OPTI Office