A core part of our approach to security is a disciplined process around software development. This post outlines some of the measures we follow to keep the development process secure at Adaface. If you want to read more about our overall approach to security, you can read it here.
Security skills and gaps
To keep our software development lifecycle secure, we set policies and processes to upskill everyone involved in software development. This involves identifying the security skills each role needs, the gaps against those skills, and a continuous training plan to close them.
Software development today depends on many open-source libraries, so we treat our dependencies as part of our attack surface. We hold recurring reviews of the codebase to audit external dependencies and find opportunities to strengthen them. This includes checking that every dependency is pinned to a current, patched version with no known vulnerabilities, and upgrading the ones that are not.
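The dependency check described above, reduced to its core: parse the pinned versions in a lockfile and compare each against the first fixed version in an advisory. This is an added example, not Adaface's tooling; the lockfile contents, package names and advisory records are constructed for illustration and do not refer to real packages or real vulnerabilities.

```python
"""Flag pinned dependencies that fall below a "fixed in" version.

Added example, not Adaface's own tooling. The lockfile and advisory
records below are constructed; the package names and advisory ids are
not real.
"""
import re

# Constructed requirements-style lockfile: one "name==version" per line.
LOCKFILE = """\
acme-auth==1.4.2
widgetparser==0.9.0
# comments and blank lines are ignored

reportgen==2.1.7
"""

# Constructed advisories: any pinned version older than fixed_in is affected.
ADVISORIES = [
    {"package": "acme-auth", "id": "EXAMPLE-0001", "fixed_in": "1.5.0"},
    {"package": "widgetparser", "id": "EXAMPLE-0002", "fixed_in": "0.9.0"},
]


def parse_version(text):
    """'1.4.2' -> ((1,1),(1,4),(1,2)); numeric segments compare as integers,
    non-numeric segments sort below numeric ones so '1.10' > '1.9'."""
    return tuple((1, int(seg)) if seg.isdigit() else (0, seg)
                 for seg in text.split("."))


def parse_lockfile(text):
    """Return {name: version}; refuse anything that is not an exact pin,
    since an unpinned requirement cannot be audited reproducibly."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9A-Za-z.]+)", line)
        if not m:
            raise ValueError(f"unpinned or unparseable requirement: {line!r}")
        pins[m.group(1).lower()] = m.group(2)
    return pins


def audit(lockfile_text, advisories):
    """Return one finding per advisory whose package is pinned below fixed_in."""
    pins = parse_lockfile(lockfile_text)
    findings = []
    for adv in advisories:
        pinned = pins.get(adv["package"].lower())
        if pinned is None:
            continue  # not a dependency of this project
        if parse_version(pinned) < parse_version(adv["fixed_in"]):
            findings.append({
                "package": adv["package"],
                "pinned": pinned,
                "fixed_in": adv["fixed_in"],
                "advisory": adv["id"],
            })
    return findings


if __name__ == "__main__":
    for f in audit(LOCKFILE, ADVISORIES):
        print(f"{f['package']}=={f['pinned']} affected by {f['advisory']}; "
              f"upgrade to >= {f['fixed_in']}")
```

In practice the advisory list comes from a maintained database rather than a hand-written table; tools such as `pip-audit` and `npm audit` do exactly this comparison against published advisories, and the value of a recurring review is running that comparison on every pinned dependency, not only the ones someone remembers to look at.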
Testing and development guidelines
All of our developers are required to follow our application testing and development guidelines. We make sure they know the industry best practices and the common vulnerabilities of the tech stack they use. We also include business impact analysis so that developers understand our clients' needs and see how following these practices builds and protects our customers' trust.
We run recurring exercises to test our platform for vulnerabilities and security weaknesses. These include basic tests for SQL injection, buffer overflows, cross-site scripting (XSS) and similar issue classes, as well as penetration testing and red team exercises.
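What a "basic test for SQL injection and XSS" looks like when it lives in the codebase as a regression test: a deliberately vulnerable lookup and renderer next to their hardened forms, exercised with the textbook payloads. This is an added example, not Adaface's code; the table, rows and payloads are constructed, and buffer overflows are left out because they are a native-code concern that does not arise in this snippet.

```python
"""Vulnerable and hardened user lookup / HTML rendering, with checks.

Added example, not Adaface's code. Uses an in-memory SQLite database
with constructed rows; the payloads are the standard textbook ones.
"""
import html
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Building the query by string concatenation lets the input change
    # the query's structure, not just its value.
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameter binding: the driver sends the input as a value, so no
    # quoting trick can turn it into SQL.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_vulnerable(display_name):
    # Untrusted text dropped straight into HTML.
    return f"<p>Welcome, {display_name}</p>"


def render_safe(display_name):
    # Escape for the HTML text context; quote=True also covers attributes.
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


# Classic payloads used as regression inputs.
SQLI_PAYLOAD = "x' OR '1'='1"
XSS_PAYLOAD = "<script>alert(1)</script>"


def run_checks():
    """Return a dict of observations a test suite can assert on."""
    conn = make_db()
    return {
        # The tautology makes the vulnerable query return every row.
        "sqli_vulnerable_rows": len(lookup_vulnerable(conn, SQLI_PAYLOAD)),
        # With binding, the payload is just a name nobody has.
        "sqli_safe_rows": len(lookup_safe(conn, SQLI_PAYLOAD)),
        "xss_vulnerable_has_tag": "<script>" in render_vulnerable(XSS_PAYLOAD),
        "xss_safe_has_tag": "<script>" in render_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

The point of keeping the vulnerable variants in a test file is that the assertions document what the attack does and fail loudly if someone later "simplifies" the safe version back to string formatting.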
Troubleshooting and recovery processes
We train our developers to assess and act on new information (software updates, patches, security advisories, and threat bulletins) so that vulnerabilities are identified and remediated before an attacker can use them to penetrate our systems. This feeds into our data breach response and mitigation process, which covers:
- Analyzing event logs to detect anomalous activity.
- Investigating suspected incidents.
- Notifying affected clients in accordance with our compliance policies.
- Recovering affected systems and communicating status throughout.
- Post-incident analysis and hardening our software against recurrence.
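The first step in that list, analyzing event logs for anomalies, in concrete form: a sliding-window detector that flags a source IP after a burst of failed logins and notes whether a success followed (the pattern worth escalating to investigation). This is an added example, not Adaface's detection logic; the log format, the threshold of five failures in sixty seconds, and the log lines themselves are constructed assumptions.

```python
"""Flag failed-login bursts per source IP in constructed auth log lines.

Added example, not Adaface's detection logic. The line format,
threshold and window are assumptions; the log lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: "<ISO timestamp> <event> user=<name> ip=<addr>".
LOG_LINES = """\
2024-05-01T10:00:01Z auth.failed user=alice ip=203.0.113.7
2024-05-01T10:00:03Z auth.failed user=bob ip=203.0.113.7
2024-05-01T10:00:04Z auth.failed user=carol ip=203.0.113.7
2024-05-01T10:00:06Z auth.failed user=dave ip=203.0.113.7
2024-05-01T10:00:08Z auth.failed user=erin ip=203.0.113.7
2024-05-01T10:00:09Z auth.success user=frank ip=203.0.113.7
2024-05-01T10:00:15Z auth.failed user=alice ip=198.51.100.4
2024-05-01T10:30:00Z auth.failed user=alice ip=198.51.100.4
2024-05-01T10:31:00Z auth.success user=alice ip=198.51.100.4
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (auth\.\w+) user=(\S+) ip=(\S+)$")


def parse(line):
    """Parse one line into a dict, or return None for lines we don't understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "event": m.group(2), "user": m.group(3), "ip": m.group(4)}


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: alert} for IPs with >= threshold failures inside one
    sliding window. distinct_users > 1 hints at password spraying;
    success_after=True means a later login from the same IP succeeded."""
    events = [e for e in map(parse, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(list)  # ip -> [(ts, user), ...] still inside window
    alerts = {}
    for e in events:
        ip = e["ip"]
        if e["event"] == "auth.failed":
            q = recent[ip]
            q.append((e["ts"], e["user"]))
            # Drop failures older than the window relative to this event.
            while q and e["ts"] - q[0][0] > window:
                q.pop(0)
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {
                    "first_seen": q[0][0],
                    "failures": len(q),
                    "distinct_users": len({u for _, u in q}),
                    "success_after": False,
                }
        elif e["event"] == "auth.success" and ip in alerts:
            alerts[ip]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for ip, a in detect_bruteforce(LOG_LINES).items():
        print(f"{ip}: {a['failures']} failures against {a['distinct_users']} users "
              f"from {a['first_seen']:%H:%M:%S}; success afterwards: {a['success_after']}")
```

Two failures half an hour apart from the second address fall outside the window and are not flagged, which is the behaviour you want: the threshold and window are what keep this from paging on ordinary mistyped passwords, and both should be tuned against a baseline of real traffic before the rule goes live.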