Code signing is the best and most recommended technical protection against malicious code.
After your code has been subjected to a secure code review, a process which tests and validates any piece of code that is relevant to security, safety can be taken one step further: the code can be digitally signed so that it is "stamped" as secure. Code signing aims at confirming the identity of the software author while guaranteeing that the code has not been tampered with or corrupted since it was last verified and signed.
We strongly recommend that at least your Office macros should be signed, as they are very vulnerable elements of code in your network and may all too easily become a weak link in your IT security.
Code/macro signing, although highly recommended, is a time-consuming process which requires specialised resources and knowledge that may not always be available internally. Navixia's team of experts will be happy to assist you.
The extent of the code/macro to analyse will first be defined with you. We will then perform a secure review of that code in compliance with a strict methodology based on the OWASP standard. This methodology ensures that a structured process is followed and provides you with a standard against which the assessment can be measured. We will then report any issue identified during the audit and the recommended corrections to the code. Once the code has been corrected accordingly, we will sign it, either with a certificate you provide or with a Navixia certificate. Such a certificate attests to the fact that your code is secure and that any macro it contains is not only secure but will remain so under any type of use.
We will then guide you in setting up your company environment to allow a proper implementation and use of the signed code (MS Office configurations, GPO setup, etc.).
The code/macros must be signed again whenever any modification is performed.
An extreme level of reciprocal trust is necessary between the parties involved in code signing, which implies a number of preliminary discussions and very strict security guidelines.
Navixia is a renowned specialist in the field of security and can rely on a team of senior professionals, all with long-standing experience in their respective fields of activity. Some of them are widely recognised experts. They are confronted daily with the latest technological advances. Their respective expertise makes it possible to cover all aspects of security. Navixia can vouch for their absolute trustworthiness and their complete integrity.
Navixia subscribes to the principles of the international standard ISO 17799 (BS7799) – a code of practice for information security management.
You may also want to read our information datasheet on our digital code signing service.
For obvious reasons, no details of our audit methods are listed on this page.
The duration of a code review depends on the extent of the code to check.
Each company is unique.
We remain at your disposal at any time to discuss any code signing related issue in more detail or provide further information, without any obligation.