In phase one, we assemble a list of potential threats to assess which mitigating measures we should be prepared to take. For example, we check whether a certain component is sensitive to DDoS attacks and then identify the countermeasures that are planned in the development work.
In the next phase, we run a static source code analysis of everything that is in development, so that our developers quickly receive feedback on whether they have taken in a library, or produced code, that has known problems. Throughout the development cycle, we also receive suggestions on how code or implementation processes should be adapted to be as secure as possible.
When the component finally goes into operation, we have a basic security protection protocol that ensures that we are GDPR-compliant and that the right people access the correct data at any given time. We also ensure that good encryption is in place and that we have the perimeter protection needed to offer genuinely secure maintenance operations.