Not all weaknesses can be detected efficiently using technical means. A security architecture review (SAR) helps to identify weaknesses in a solution or product, ideally before any effort is made to implement it. However, a security architecture review can also make sense after the solution has been implemented, in order to identify weaknesses particularly at the interfaces and in the interaction of individual components. Benefit from a review that includes all parts of your architecture and follows a holistic approach to security.
A security architecture review is carried out in line with the current stage of development. The following elements are part of our review process and can be adapted to your technology stack:
We review the existing documentation as part of a document study. Depending on the technology stack of the architecture to be reviewed, we focus on design specifications, system design, operating documents, interface descriptions, network plans and diagrams.
As the existing documentation does not always reflect the current state, we supplement the first step with interviews and workshops together with your specialists where appropriate and necessary, thus completing our understanding of the overall architecture.
The information collected is then compiled into an overall picture. This is compared with relevant best practices and reference architectures to identify possible improvements and weaknesses.