Security has always been key to software applications. Yet, as cyberattacks become more common, more sophisticated and more malicious, the need for software that is truly secure by design is now more crucial than ever. That’s why Cegeka’s software development culture increasingly focuses on producing secure code: our software engineers take security into account at every stage of the software development cycle – from planning through to building and deploying the software.
Our software engineers embed security in every stage of the software development cycle – from planning through to building and deploying the software.
Planning: defining relevant security features
In fact, producing secure applications starts before the actual software building phase begins. Cegeka kicks off every software development project with a series of workshops to clarify your expectations and needs. During this foundation phase, the project team prepares a list of functional and non-functional requirements, including security features like authorization and authentication.
Learn why the foundation phase is the basis for software success
How we define the security features needed
Factors like the type of application and the usage environment have an obvious effect on the security requirements. An app used for a one-off marketing campaign, for example, will require less embedded security than complex applications that contain sensitive data, such as the application we built for Kind & Gezin to calculate and pay family allowances.
Building and deploying: ensuring security throughout software development
When designing your application, while writing the code and just before deploying your software, we adhere to a wide range of best practices to uncover and correct vulnerabilities – and, as such, reduce the risk of potential security issues. Best practices include:
- Threat modeling: we identify probable cyberattacks and add relevant countermeasures to our applications;
- Code quality reviews: automatic, continuous code reviews – often complemented by manual tests – help to find potential weaknesses in code and fix them;
- PEN (penetration) testing: before deploying an application, security professionals from our Security Operations Center (SOC) simulate possible attacks to spot vulnerabilities that might have been overlooked by our software engineers;
- Checking the security of open-source software: using Open Web Application Security Project (OWASP) tools, our applications are constantly scanned to detect open source vulnerabilities and verify compliance with open source licenses.
Compliance with open source licenses
The software we build is not built totally from scratch. Every application includes a great deal of open source software, which, if not managed well, poses a security threat. To minimize and/or mitigate security risks, we constantly monitor our applications using the OWASP top 10 report as a guideline. OWASP outlines security concerns for web applications, helping us to spot vulnerabilities in authentication, sensitive data exposure, broken access controls, security misconfigurations, etc. while we’re developing and testing applications. Our open source software-related best practices are laid down in a compliance policy that describes how to use, contribute, audit and distribute open source software.
Adopting the right ways of working
With the need for strong security and compliance during the software development cycle growing exponentially, Cegeka has invested big in training sessions for the software team. Moreover, we constantly share best practices, policies and checklists to ensure that security is firmly embedded into the DNA of our digital factory.
In addition to our software developers, our sales teams increasingly highlight and consider ‘security’ and privacy aspects in their offerings. Thanks to our security-first approach, you can rest assured that your software meets the highest-possible security requirements and complies with all security-related laws and regulations.
It is key for everyone involved in the project to embrace a security-centric mindset, from software developers to sales reps.