Strengthening Security through the Secure Software Development Lifecycle

Science / Analytical

For Thermo Fisher Scientific, we set up a security-oriented environment for web application development in line with corporate standards. The project strengthened security controls across the entire development process.

Customer: Thermo Fisher Scientific

Competences: Cyber Security

Technology: Audit

About the Case Study

Benefits for the customer:

  • Reduced time requirements for the customer by delegating the analytical part of the project to Edhouse,
  • The acquired know-how is now applied in other projects we deliver for the customer.

For our long-standing customer Thermo Fisher Scientific, we actively participated in setting up a security-oriented environment for the development of web and other applications. We were involved in assessing vulnerabilities in both the application and the development toolchain.

At Edhouse, we performed a security audit of the SW Library application. This web application is used to manage software packages and has been developed long-term by the Edhouse team.

The first step was to analyze the current state and configuration of the existing source code management platform (GitLab). Based on this analysis, we decided to move the project to GitHub, whose advanced security features (code scanning, secret scanning and dependency alerts) we used in the steps that followed.

We reviewed the application development and deployment process, looked into user management, and set up source code analysis with CodeQL, evaluating its output. We also activated secret scanning and Dependabot. Next, we enabled automatic generation of an SBOM (Software Bill of Materials) that describes the application's components in the internationally supported CycloneDX format; the platform now alerts developers whenever they use an internal or external component with no declared license, which also leaves the component's origin undocumented. After documenting the components, the cryptographic algorithms in use, and the static analysis (SAST) findings, we performed a dynamic analysis (DAST) using the Qualys platform.
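As an added example (not Edhouse's or Thermo Fisher's code), the license check described above can be reproduced offline against a CycloneDX SBOM. The script below walks a constructed sample BOM, including components nested inside other components, and reports every component with no declared license; it exits non-zero when it finds any, so a CI job can fail the build. The component names, versions and package URLs in the sample are made up for illustration.

```python
import json
from typing import Iterator

# Constructed sample CycloneDX 1.5 SBOM for this example (not taken from the
# SW Library project). Two components declare licenses, one has an empty
# licenses array, one omits the field entirely, and one is nested inside another.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "flask", "version": "3.0.0",
         "purl": "pkg:pypi/flask@3.0.0",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
        {"type": "library", "name": "cryptography", "version": "42.0.5",
         "purl": "pkg:pypi/cryptography@42.0.5",
         "licenses": [{"expression": "Apache-2.0 OR BSD-3-Clause"}]},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "licenses": []},
        {"type": "library", "name": "internal-utils", "version": "0.9.1",
         "components": [
             {"type": "library", "name": "vendored-parser", "version": "2.1.0"},
         ]},
    ],
})


def iter_components(components: list) -> Iterator[dict]:
    """Yield every component, descending into nested 'components' lists
    (CycloneDX allows a component to embed its own sub-components)."""
    for comp in components:
        yield comp
        yield from iter_components(comp.get("components", []))


def component_licenses(component: dict) -> list:
    """Return the SPDX ids, names or expressions declared on one component."""
    found = []
    for entry in component.get("licenses", []):
        if "expression" in entry:            # e.g. "Apache-2.0 OR BSD-3-Clause"
            found.append(entry["expression"])
        elif "license" in entry:             # {"id": "MIT"} or {"name": "Custom"}
            lic = entry["license"]
            found.append(lic.get("id") or lic.get("name") or "")
    return [f for f in found if f]


def unlicensed_components(sbom_json: str) -> list:
    """Return (name, version, purl) for every component with no declared
    license. purl is None when the SBOM gives no package URL, i.e. the
    component's origin is undocumented as well."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return [
        (comp.get("name"), comp.get("version"), comp.get("purl"))
        for comp in iter_components(bom.get("components", []))
        if not component_licenses(comp)
    ]


def main() -> int:
    """Print one warning per finding; a non-zero exit lets CI fail the build."""
    findings = unlicensed_components(SAMPLE_SBOM)
    for name, version, purl in findings:
        origin = purl or "no purl, origin unknown"
        print(f"WARNING: no license declared for {name} {version} ({origin})")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it as a script to see the warnings, or pass the JSON your SBOM generator emits to `unlicensed_components()` from a CI step. A finding with no purl is the more serious case: the component has neither a license nor a recorded origin, which is exactly the situation the platform alert is meant to catch.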

The development team received the results of the static and dynamic analysis, together with recommended corrective actions, in a format that complies with the customer's internal standards. The corrective actions will be incorporated gradually in subsequent stages of product development. Because the static and dynamic analysis now run automatically, source code security checks continue as the product evolves.

Throughout the project, we consulted security experts from the Thermo Fisher Corporate Infrastructure & Security team on the solution. This collaboration further strengthened our partnership and deepened our expertise in delivering cyber security projects.

Contact us

Are you interested in a similar solution, or would you like to know more about the project? Leave us your contact details and we will get back to you to discuss anything you are interested in.

Another case study

Web Application Security Analysis in Microsoft Azure

The customer, 8BC, asked us to assess the resilience of their new Azure-based web application against cyber threats. Our analysis provided them with an overview of the current security status along with concrete recommendations on how to strengthen cybersecurity and reduce the risk of outages.
