Security

Application security

Server and infrastructure security

Risk assessment

Security audits in collaboration with cybersecurity vendors


Application security

Framework built-in security (Symfony, Yii 2.0, Laravel)

OWASP recommendations for web security

Access management and password policy

Audit trail for user actions

Application security

We are committed to the latest web and application security practices: we use built-in framework tools, carefully select third-party libraries, and educate our developers on a daily basis. We recommend that our customers perform third-party security audits on both new and existing systems.


Server and infrastructure security

Firewall, backups, monitoring and VPN access control

Scheduled update and maintenance intervals

Application server lifetime policy

Maintenance contracts and SLA

Server and infrastructure security

Even with cloud-based infrastructure, regular server updates and maintenance are a critical part of the modern application life cycle. Docker virtualization helps to separate application security from infrastructure security when the customer has their own infrastructure team.


Risk assessment

Risk assessment matrix

Availability, Confidentiality and Integrity

Security policies and practice

People

Risk assessment

Every application must be secure, but sometimes specific questions should be answered before developing the system: Will confidential information be stored? Do we need multi-factor authentication? Is high availability a priority? Application and infrastructure design should be selected based on the answers.


Security audits in collaboration with cybersecurity vendors

Source code review

Third-party package review

Network scan

Web application scan

Third-party security audit

We recommend that every new customer hire a cybersecurity company to perform a security audit; together we can then review the recommendations and implement them if necessary. Such an audit may be performed for a new IT system before launch and every one or two years during the system's life cycle.