Our End-to-End Security Approach
From the First Line of Code to Live Support: We Embed Security into the DNA of Our Projects.
Security is Not an Option, It's a Necessity
For Krizma, the system and software security of the applications we develop is one of the basic and most important work items. We document this seriousness with our internationally valid ISO/IEC 27001 Information Security Management System certificate.
Software Development Security (In-House)
Software security business processes are carried out directly by our own expert team. At every stage of our development process, we take precautions by considering the security risks specified in the internationally accepted Open Web Application Security Project (OWASP) TOP 10 report.
Additionally, before the applications are published, we verify our security at a higher level by receiving penetration testing and code analysis services from independent firms with laboratory qualifications, accepted by us or recommended by the customer.
System and Infrastructure Security
We are aware that issues such as server, network and domain security require separate expertise. For this reason, we prefer to receive these services from our corporate business partners who are experts in their fields.
90% of the applications we develop are web-based and are safely hosted in TIER-4 standard cloud systems, in the customer's own data center or in the systems of another cloud company they have contracted with, according to customer requirements.
OWASP Security Risks We Focus On
Some critical security topics we pay special attention to while developing our applications are:
- Broken Authentication
- Broken Object Level Authorization
- Security Misconfiguration
- Server Side Request Forgery (SSRF)
- Unsafe Consumption of APIs
Don't Leave Your Project's Security to Chance.
Benefit from our consulting services to maximize the security of your applications and data.
Get Security Consulting