Security
Exomark has worked with a number of companies for whom high security is an absolute must. We are
experienced in dealing with sensitive information, and implement the appropriate security measures
for every project initiative we take on.
As a result of our experience working with large enterprises, we have developed well-balanced
physical and digital security measures which we incorporate into all web development projects.
It is important to note that at Exomark we develop every aspect of our Web sites in-house; this
keeps security tight, as the code is custom-developed for each client, making it more difficult
to intercept.
PREVENTATIVE
- We train every employee to our internal security standards.
- We routinely visit black hat and security-related sites to gain knowledge and see trends.
- We are members of ISECOM - Institute for Security and Open Methodologies.
- Our programmers regularly take online security courses, and also fully review coding best practices from their respective software vendors.
MONITORING
- We always test any OS or software patches, hot fixes and service packs, and/or hardware firmware before we install them. Only required services are running on our equipment.
- We have hardware and software security installed; however, we also randomly check our systems for malware, viruses, worms, rootkits and any other type of hack.
PLANNING
- Each client may have their own security methodologies, so we review, comment, and adhere to their security requirements.
- We find out which programming language, OS, hardware, and software we are developing for, and then work with the client to develop a code testing checklist.
- We identify any potential threat areas and plan accordingly.
DEVELOPMENT
- As we program, we run our code at predetermined points and have a different developer audit it, so as not to become complacent with our security policies - this ensures friendly, competitive, quality code development within Exomark.
- Quality Assurance - everyone at Exomark is responsible. We don't check for quality at the very end; we do so throughout the entire design and development phase.
TESTING / SCHEDULED LONG-TERM REVIEWS
- We review and test our code against the agreed testing checklist.
- We document the tools we use on each project, and if any security threats are later discovered we make the fix or notify the client of the potential vulnerability in our code.