Page 16 - KrizmaSoftware_CompanyProfile v24.03.7

Security

                        The system and software security of the applications we develop is one of our most basic and
                        important work items.

                            •  System Security
                            Business processes such as server, network, domain, and system security require separate
                            management. For this reason, we prefer to receive these services from expert
                            organizations.

                            90% of the developed applications are web-based and hosted in the cloud environment. In
                            accordance with customer requirements, applications are hosted in the systems of enterprise cloud
                            service companies recommended by Krizma, in the customer's own data center, or in the systems of
                            cloud service companies with which the customer has a contract.

                            •  Software Security

                            Software security business processes are carried out by our company. Pre-deployment
                            penetration testing and code analysis services are obtained from companies that are
                            qualified as laboratories and are either accepted by our company or recommended by
                            the customer.



                        Software security measures are taken by considering the following web software security risks specified in
                        the "OWASP TOP 10" report published periodically by the Open Web Application Security Project (OWASP).


                            •  Broken object level authorization
                            •  Broken authentication
                            •  Broken object property level authorization
                            •  Unrestricted resource consumption
                            •  Broken function level authorization
                            •  Server-side request forgery
                            •  Security misconfiguration
                            •  Lack of protection from automated threats
                            •  Improper asset management
                            •  Unsafe consumption of APIs


COMPANY PROFILE – MARCH 2024