A core part of our approach to security is a set of diligent processes around software development. We outline a few of the measures we take to ensure secure development at Adaface here. If you want to read more about our overall approach to security, you can read about it here.
Security skills and gaps
To ensure our software development lifecycle is secure, we set policies and processes to upskill everyone involved in software development. This involves identifying the security skills each role requires and maintaining a continuous plan to train our employees through training programs.
Software development today depends on many open-source libraries. We ensure that we only use secure open-source libraries. We hold recurring reviews of our codebase to identify opportunities to strengthen our external dependencies, which includes making sure we are using up-to-date, patched versions of all our dependencies.
Testing and development guidelines
All of our developers are required to follow our application testing and development guidelines. We ensure our employees know the industry's best practices and the potential vulnerabilities of the tech stack they use. We also include business impact analysis so that our employees are aligned with our clients' goals and understand how following secure software development practices nurtures and strengthens our customers' trust.
We have recurring exercises to test our platform for potential vulnerabilities and security weaknesses. These include basic tests for SQL injection, buffer overflows and cross-site scripting (XSS), as well as penetration testing and red team exercises.
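As an added illustration of what a basic SQL injection test looks like (this is example code written for this page, not Adaface's own test suite or application code): a login check is implemented twice, once with string concatenation and once with bound parameters, and a classic tautology payload is run against both. The in-memory SQLite database, the sample account and the payload are all constructed here so the example runs offline.

```python
"""Basic SQL injection check: a vulnerable query beside its hardened form.
Added example, not Adaface's code. Uses an in-memory SQLite database with a
constructed users table so it runs offline."""
import sqlite3

# Constructed sample data: one legitimate account (assumed, for illustration).
SAMPLE_USERS = [("alice", "correct horse battery staple")]


def make_db() -> sqlite3.Connection:
    """Create a throwaway database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # BAD: untrusted input is spliced into the SQL text, so the caller of this
    # function (an attacker submitting a login form) controls query structure.
    query = (
        f"SELECT 1 FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # GOOD: placeholders keep the input as data; the driver binds it as a
    # literal value and it can never change the shape of the statement.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Classic tautology payload: turns "AND password = ''" into
# "AND password = '' OR '1'='1'", which is true for every row.
INJECTION_PAYLOAD = "' OR '1'='1"


def run_injection_check() -> dict:
    """Exercise both implementations with valid, wrong and malicious input.

    Returns a dict of results so a test harness can assert that the hardened
    version rejects the payload while still accepting real credentials.
    """
    conn = make_db()
    results = {}
    for name, login in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        results[name] = {
            "valid_credentials": login(conn, "alice", "correct horse battery staple"),
            "wrong_password": login(conn, "alice", "nope"),
            "injection_bypass": login(conn, "alice", INJECTION_PAYLOAD),
        }
    conn.close()
    return results


if __name__ == "__main__":
    for name, outcome in run_injection_check().items():
        print(f"{name:10s} {outcome}")
```

The "injection_bypass" entry is the actual test: it must be `False` for every login path in the codebase. The same shape (a known-bad payload run through a real code path, with the result asserted rather than eyeballed) carries over to the XSS checks mentioned above, with a script payload and an assertion that the rendered output is encoded.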
Troubleshooting and recovery processes
We train our developers on how to assess and act on new information (e.g., software updates, patches, security advisories and threat bulletins) to identify and remediate vulnerabilities attackers could otherwise use to penetrate our networks. This is one of the core parts of our data breach mitigation process, which consists of:
- analyzing event logs to detect anomalous incidents
- investigating them
- notifying our clients in accordance with our compliance policies
- recovery processes and communication
- prioritizing root-cause analysis and future-proofing our software against recurrence of such events
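To make the first step above concrete, here is an added example of the kind of event-log analysis that flags an anomalous incident. It is example code written for this page, not Adaface's detection logic: the log format, the threshold of five failures, the 60-second window and the sample log lines are all assumptions constructed for the illustration.

```python
"""Sliding-window detection of authentication brute-force attempts in an
event log. Added example, not Adaface's code; the log format and thresholds
are assumptions made for this illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format: "<ISO-8601 UTC timestamp> auth OK|FAIL user=<u> ip=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample log: one normal user, one source burning through
# accounts in under a minute, one slow trickle that stays below the
# threshold, and a malformed line the parser must skip.
SAMPLE_LOG = """\
2024-03-04T10:00:01Z auth FAIL user=alice ip=203.0.113.5
2024-03-04T10:00:09Z auth OK user=alice ip=203.0.113.5
2024-03-04T10:01:00Z auth FAIL user=admin ip=198.51.100.7
2024-03-04T10:01:05Z auth FAIL user=root ip=198.51.100.7
2024-03-04T10:01:11Z auth FAIL user=admin ip=198.51.100.7
2024-03-04T10:01:14Z auth FAIL user=test ip=198.51.100.7
2024-03-04T10:01:20Z auth FAIL user=admin ip=198.51.100.7
2024-03-04T10:01:27Z auth FAIL user=bob ip=198.51.100.7
2024-03-04T10:02:00Z auth FAIL user=carol ip=192.0.2.9
2024-03-04T10:04:00Z auth FAIL user=carol ip=192.0.2.9
2024-03-04T10:06:00Z auth FAIL user=carol ip=192.0.2.9
2024-03-04T10:08:00Z auth FAIL user=carol ip=192.0.2.9
2024-03-04T10:10:00Z auth FAIL user=carol ip=192.0.2.9
this line is not in the expected format
"""


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Alert once per source IP whose failed logins within any `window`
    reach `threshold`. Lines are assumed to be in chronological order.

    Returns a list of alert dicts with the IP, the failure count at the
    moment the threshold was crossed, and the first/last timestamps.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "FAIL":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "ip": ev["ip"],
                "failures": len(q),
                "first": q[0],
                "last": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"ALERT {alert['ip']}: {alert['failures']} failures "
              f"between {alert['first']} and {alert['last']}")
```

The trickle from 192.0.2.9 is deliberately left unflagged: a fixed-window rule of this kind only catches fast attacks, which is why it would be paired with a longer-horizon rule (distinct usernames per source per day, for instance) in a real pipeline, and why the investigation step that follows detection matters.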