luxoft software development

1. For more information about Luxoft, visit
www.luxoft.com
www.luxoft.com/technology/
case study
Section 508 Compliance Audit
for Security Product Suite
14.09.2012
uu Client: International independent software vendor
uu Business Area: Software publishing
uu Technology Set:
—— 2EE, WebServices, XML/XSD/ XSLT technologies for data handling and
modeling
—— C#, .NET for MS Visual Studio add-on,Java for Eclipse, and jDeveloper
plug-ins
—— Spring, Flex and SWT frameworks for features in thick tools and rich
clients
—— JAWS as screen reader application
uu Services Provided: Application evaluation, testing, audit, and
upgrade, System Development
uu Team size: 9 team members
uu Duration: 7 months
Summary
Perform an independent software audit to assess and ensure compliance to
Section 508 (Electronic and Information Technology) of the US Rehabilitation Act.

2. Challenge
Solution
The client, an international independent software vendor (ISV), had recently
acquired a suite of security analysis software for the business and government
agency markets. In order to market this product to the US government, it had to
comply with the standards in Section 508 (Electronic and Information Technology)
amendment to the US Rehabilitation Act that requires software used by Federal
agencies and departments is accessible to people with disabilities. The security
analysis software suite had to comply with the following technical standards in
Section 508:
§ 1194.21 Software applications and operating systems must be usable for
people with vision impairment. Usability requirements include alternative
keyboard navigation features and provisions for animation, color and contrast
settings, electronic forms, and ash rate.
§ 1194.22 Web-based intranet and internet information and applications must
be accessible to people with vision impairment that use assistive devices, such as
screen readers, to access information on the web.
The Security Assurance suite is a set of tightly integrated tools that identify,
prioritize, and fix security vulnerabilities in software. The suite includes a wide
range of tools that include ensure application security in thick clients, plug-
ins and add-ins, web-based tools, and server products. Luxoft evaluated and
upgraded seven applications in the Security Assurance software suite for Section
508 compliance by developing and executing specialized test cases for audit,
implementing changes for compliance, and performing the nal testing and audit
for client acceptance. In the first audit, Luxoft identified more than 1,200 Section
508 vulnerabilities.
02Luxoft - Case Study

3. Benefits
Customer Feedback
The client realized the following benefits from Luxoft’s software audit and
compliance upgrade:
uu The Security Assurance product is in compliance with US government
uu Standards and is available to sell to the large US government market
uu Artifacts provided by Luxoft:
—— Generic Section 508 Test Cases
—— JAWS conguration tips and tricks
—— Best practice knowledge base for development teams
—— Problems and solutions in knowledge base for development teams
—— Guidelines for teams to adapt development to the Section 508 standards
Detailed feedback is available on request.
03Luxoft - Case Study

4. About luxoft
Luxoft, a principal subsidiary of IBS Group, is a provider of advanced
application and software engineering outsourcing services for global and
regional enterprises. Luxoft builds partnerships with its clients, such as
Boeing, IBM, Deutsche Bank, UBS, Harman, Avaya, Alstom, and Sabre, based
on the culture of engineering excellence, innovation, and deep domain
expertise. Luxoft offers international delivery capability through its network
of state-of-the-art delivery centers in North America, Eastern Europe, and
Asia. Luxoft`s customers benefit from the right mix of technology skills,
industry knowledge, proprietary processes and methodologies, and a
choice of engagement models.
For more information about Luxoft, visit
www.luxoft.com
www.luxoft.com/technology/
© 2012 Luxoft