Logo Navixia

Follow us linkedintwitterrss

Version française, service de signature de code: cliquer ici

Code signing

Code signing is the best and most recommended technical protection against malicious code. 

After your code has been subjected to a secure code review, a process which tests and validates any piece of code that is relevant to security, safety can be taken one step further: the code can be digitally signed so that it is "stamped" as secure. Code signing aims at confirming the identity of the software author while guaranteeing that the code has not been tampered with or corrupted since it was last verified and signed.

We strongly recommend that at least your Office macros should be signed, as they are very vulnerable elements of code in your network and may all too easily become a weak link in your IT security. 

Code/Macro signing, although highly recommended, is a time consuming process which requires specialised resources and knowledge that may not always be available internally. Navixia's team of experts will be happy to assist you.

The extent of the code/macro to analyse will first be defined with you. We will then perform a secure review of that code in compliance with a strict methodology based on the OWASP standard. This methodology ensures that a structured process is followed and provides you with a standard against which the assessment can be measured. We will then report any issue identified during the audit and the recommended corrections to the code. Once the code has been corrected accordingly, we will sign it, either with a certificate you provide or with a Navixia certificate. Such a certificate attests to the fact that your code is secure and that any macro it contains is not only secure but will remain so under any type of use.

We will then guide you in setting up your company environment to allow a proper implementation and use of the signed code (MS Office configurations, GPO setup, etc.).

The code/macros must be signed again whenever any modification is performed.

  • Preliminary discussion, aimed at defining the extent of the code to be checked.
  • Thorough review of the full code or of differential code in the case of re-signature.
  • Overall project management
  • Detailed report listing all issues identified during the code review and their potential consequence for your security, as well as all recommended protective actions.
  • Code/Macro signing, either with the certificate you provide or with a Navixia certificate.
  • Assistance and advice in the initial setup of your company environment so that it is configured to use the signed code. 

An extreme level of reciprocal trust is necessary between the parties involved in code signing, which implies a number of preliminary discussions and very strict security guidelines.

Navixia is a renowned specialist in the field of security and can rely on a team of senior professionals all with a long-standing experience in their respective field of activity. Some of them are widely recognised experts. They are daily confronted with the latest technological advances. Their respective expertise makes it possible to cover all aspects of security. Navixia can vouch for their absolute trustworthiness and their complete integrity.

Navixia subscribes to the principles of the international standard ISO 17799 (BS7799) – a code of practice for information security management.

You may also want to read our pdfinformation datasheet on our digital code signing service.

For obvious reasons, no details of our audit methods are listed in this page.

The duration of a code review depends on the extent of the code to check.

Each company is unique.
We remain at your disposal at any time to discuss any code signing related issue in more detail or provide further information - without any engagement.

More about Security Assessments

Navixia performs security assessments tailored to your needs, which greatly improve the reliability of your network.

Download our datasheets

pdfExternal Assessments

pdfInternal Assessments

pdfWeb App Assessments

pdfSecure Code Review

pdfDigital Code Signing

 

More about Navixia

For more information

Navixia SA

Route du Bois 1
CH-1024 Ecublens
Switzerland

Tél. +41 21 324 32 00
Fax. +41 21 324 32 01

Contact and location

© 2017 Navixia SA
*