Denim Group's Development Methodology

Denim Group's philosophy is that security cannot be ignored, overlooked or put off. It is our responsibility as security-trained developers to follow security best practices throughout the development process.

While Denim Group offers specialized security services including assessments and training, security is also a core component of our development process.

Security is a Part of the Culture

Denim Group does not have separate security and development teams. They are one and the same. Our developers' working knowledge of the threats and countermeasures encountered in the application security arena, as well as development strategies that fit into the software development lifecycle, provides the level of expertise needed to develop, assess and remediate application source code.

Security is a Part of the Process

Denim Group addresses security at various phases in the development process.

Pre-Engagement
In our very first conversations with clients, Denim Group asks questions about not only functionality but also security needs.

Envisioning
During this phase, Denim Group sets the vision for the project from a macro-level planning perspective. Major risks associated with deploying the application, including ways people might abuse it, are identified along with the data that will need to be protected.

Planning
When the project enters this stage, Denim Group approaches the project from a micro-level planning perspective. Using threat modeling techniques, our security-savvy developers map out the features and safeguards that need to be implemented to protect the application.

Construction
Denim Group developers are security practitioners. We follow best practices in secure coding and support the code with static analysis tools and security testing toward the end of the construction phase.

Deployment
Denim Group deploys applications according to secure configuration guidelines and also uses post-deployment security assessment tools.

Strategic Relationships

Through strategic relationships Denim Group has created with leading software companies such as Fortify Software and Watchfire, Denim Group customers have access to industry-leading security scanning and protection software. This includes the full suite of Fortify 360 Vulnerability Detection Tools for which Denim Group holds a full site license. Denim Group is the first Fortify partner company to offer a trial version of Real-Time Analyzer (RTA) in applications we deploy.

Industry Best Practices and Standards

Denim Group principals are thought leaders in the industry, regularly participating as speakers at Open Web Application Security Project (OWASP) events and other security and development conferences on a national level. With such a high level of involvement, Denim Group remains in touch with industry advancements and best practices.