Security is an integral part of our software development life cycle
We continuously adapt our security practices, tools, and techniques to embrace new technologies and protect against an evolving threat landscape. We conduct security design reviews and threat modeling workshops to identify potential issues during the architecture and design phases of product development, a well as pre-release testing.
- “Shift-left” approach: Threat modeling, attack surface analysis, security architecture analysis, and other techniques are employed at early phases of application conception.
- Secure coding: Corporate-wide training for all developers, QA engineers, product managers, and architects includes mandatory training on the OWASP Top 10 Security Risks.
- Testing: During product development, static code analysis and libraries audits are performed on a daily basis. Before release, each product also goes through one or more penetration tests. Policies in place prevent release of products with known high or critical vulnerabilities.