Development environment audits
The objective is to audit the architecture of a development environment for weaknesses in its design, in the choice of protocols used, and in its compliance (or not) with recommended security practices. The audit is based on an analysis of the documentation provided, as well as on any interviews with the people in charge of the design, implementation, administration and Maintenance Repair & Overhaul (MRO) of the target information system.
In addition to the analysis of the target’s physical and application architecture, the architecture analysis includes an audit of the administration mechanisms (administration, supervision, software maintenance, application deployment, logging, etc.) of the target.
The integration of security issues in the choice of information system administration mechanisms is critical insofar as it allows us to:
- Ensure the traceability of the operations carried out on the target;
- Respond effectively to service disruptions or suspicious IS transactions;
- Ensure that, at a minimum, the level of security is maintained during administration operations.
The audit will be supplemented by a site visit and interviews to clarify certain points that could be misinterpreted, and to validate any discrepancies with the people in charge of applying the procedures.
In particular, this audit also includes the verification of:
- The procedures put in place to manage development
- Delivery procedures
- Procedures related to the organizational aspects of development security