What measures has Eye-Able® implemented to ensure safe use?
Development, operation and continuous security of applications through policies, secure deployment processes, testing and vulnerability management
Eye-Able® Application-Security Framework
Eye-Able® operates a comprehensive Application-Security Framework that organizes and technically regulates secure development and deployment. Documented, approved, and regularly updated Application Security policies define minimum requirements, SDLC processes, development standards, and testing guidelines.
Security Requirements in the SDLC Process and for Each Application
The SDLC process integrates security requirements from the outset, across design, development, testing, and operation. For each application, binding technical and organizational security requirements are set based on the risk assessment.
Testing Strategy and Process Automation
The testing strategy includes automated static and dynamic analyses (SAST/DAST), manual code reviews, and security approvals before Go-Live. Build, test, and deployment processes are automated whenever possible in controlled CI/CD pipelines.
Handling and Tracking Security Vulnerabilities
Security vulnerabilities are prioritized, treated, and documented according to standardized procedures. The remediation of critical vulnerabilities is preferably automated and tracked centrally.
Alignment with Standards and Consistent Security Level
All measures align with recognized standards (e.g., OWASP ASVS, ISO 27002) and are documented in a way that ensures compliance. This ensures a consistent security level across the entire lifecycle of an application.