Whether you are preparing for an external audit (e.g. PCI DSS) or supporting the systematic early recognition of potentially costly design decisions, a second opinion is critical. A second opinion provides assurance and helps counter the typical problem of established structures: organizational blindness.
We offer an outside view that challenges critically and comprehensibly. It helps demonstrate where there is room for improvement.
Do you want to evaluate the sustainability of your architecture with regard to maintenance, robustness, and performance?
Our technology specialists will gladly examine your architecture and provide critical feedback on it. Based on their experience in similar situations, they will point out especially sensitive areas.
Oftentimes, we accompany the development stage with reasonable strategies for switching from an existing infrastructure to a contemporary technological infrastructure. We are happy to share our experience in generating technical documentation for your software architecture.
- Requirements: Are your system requirements defined clearly? Is their description up to date? Are there parts of the application that are obsolete? Are those parts necessary or do they need to be removed?
- Component Design: How clear-cut and how distinct are the structures and responsibilities of the various components within the application? Is this reflected in well-defined interfaces and contracts?
- Security: Are the different confidentiality areas within the application defined unambiguously? Are assumptions on structure and rights of incoming communication verified in the appropriate places?
- Speed: Does the perceived performance of the application satisfy the expectations or are there bottlenecks that curtail the efficient usage of the application in daily operation?
- Technologies: Are the preferred technologies consistent with the functional and non-functional system requirements, or are there more beneficial alternatives?
- Development Process: Are there foreseeable changes to the planned development process that would further improve it in terms of objectives and cost efficiency?
The underlying architecture of the application is a decisive factor for its flexibility and expandability.
The design predetermines which areas will be easy to adapt and expand, and in which ones a change will be more expensive. At the same time, extraordinary flexibility and configurability often also entail high costs, making it important to carefully trade off initial development costs against maintenance effort.
The quality of the components' design also has a direct impact on the potential division of labor and the specialization of individual developers during the implementation. The implementation of a barely comprehensible, impenetrable jungle of requirements and ideas cannot be organized efficiently. In order to organize the requirements and ideas, regular consultations between team members must be constant, even for those across country borders.
"If you think good architecture is expensive, try bad architecture." – Brian Foote and Joseph Yoder
In the scope of an architectural audit, we critically screen existing architectural and design guidelines. We provide tips and tricks on the methodologies implemented. If necessary, we develop essential artifacts and screens based on an existing but unfulfilled documented business application.
- Threat Modeling: We document the confidentiality areas intended for the application in the scope of a threat model and contrast it with the actual situation.
- Penetration Tests: We employ white-hat methods, assuming the role of hackers to identify possible attack vectors and reinforce defenses against exploits.
- Standards: We develop and evaluate the current state of your software application against established security standards and practices such as STRIDE, DREAD, OWASP and PCI.
Especially in the early phases of a project, application security is one of the most neglected aspects of routine software development.
People often try to retrofit applications with security concepts after development or, even worse, in reaction to a security breach from the outside. When handling sensitive data, this can quickly become costly for your company.
In the scope of a security audit, we screen existing applications, document and evaluate their security-relevant soft spots and demonstrate possible solutions and attack vectors.