Navigating with TheCodingMachine: secure web projects

The world of web development is not without danger. You cannot avoid hackers altogether, but you can defend yourself against them. At TheCodingMachine we take the subject very seriously, and this article explains how we navigate these waters.

This article details our approach, the different stages and what we do. Join us on this adventure, where every line of code is a step closer to the treasure trove of IT security!

ISO 27001, our compass

Every good navigator needs a compass, and that’s where our ISO 27001 standard comes in. It’s there to guide us on the right course, away from hacker-infested waters. The document entitled “Secure IT Development Policy” provides a detailed overview of the measures and procedures put in place by TheCodingMachine to guarantee security in the development of IT projects. This policy is managed and monitored via the Zoho Projects project management tool. Specific security tasks, such as code audits and vulnerability tracking, are automatically integrated into project templates.

Navigation preparation

Right from the start of the project, a security manager is appointed, often the project manager, accompanied by a member of the technical management team. The first analyses of security issues are carried out, including access control, session management, encryption, logging, supervision and data sensitivity.

From the very first interactions with the customer, we prepare the journey: authentication, data protection, encryption.

This enables us to define the technical framework: architecture, GDPR (RGPD) obligations, access controls (which protocol, which reinforcements), the level of application hardening and the level of infrastructure hardening. We make sure that every member of the crew knows his or her role on the ship. There is no question of sailing by sight!


On the High Seas: Development

It’s on the high seas that storms can be encountered: source code management, choice of tools, code reviews…
Securing the source code is a priority, backed by regular awareness sessions on the OWASP Top Ten vulnerabilities.
The choice of open-source libraries takes security into account, with particular attention paid to how actively a library is updated and to the community that maintains it. Systematic code reviews are carried out to guarantee both security and quality.

We scan the horizon to avoid hidden reefs of vulnerability.

The landing

Before going live, a final, thorough audit is carried out: the code is sifted for SQL injections and other security flaws.
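To make the audit step concrete, here is an added example (not code from TheCodingMachine or from this article) of the single most common finding, an SQL injection, shown as the vulnerable query beside its parameterised form, together with a small heuristic scanner of the kind a reviewer can run over a code base to find string-built queries. The database rows, the scanned source snippet and all function names are constructed for the example.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample table; not real customer data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users (email, is_admin) VALUES (?, ?)",
        [("alice@example.com", 1), ("bob@example.com", 0)],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, email: str) -> list[str]:
    """The flaw an audit looks for: untrusted input concatenated into the statement."""
    sql = f"SELECT email FROM users WHERE email = '{email}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_hardened(conn: sqlite3.Connection, email: str) -> list[str]:
    """Parameterised query: the value travels separately from the SQL text,
    so quotes inside it can never change the statement's structure."""
    return [row[0] for row in conn.execute("SELECT email FROM users WHERE email = ?", (email,))]


# Classic tautology payload used to confirm the finding during the audit.
PAYLOAD = "' OR '1'='1"


def demo() -> tuple[list[str], list[str]]:
    """Run both lookups with the payload: the vulnerable one leaks every row."""
    conn = make_db()
    return find_user_vulnerable(conn, PAYLOAD), find_user_hardened(conn, PAYLOAD)


# Heuristic static check: an execute() call whose first argument is an f-string,
# or a string literal followed by + or % (concatenation / interpolation).
# It is a triage aid for the audit, not a proof of safety: it only looks at
# single lines and will miss queries assembled elsewhere before the call.
SUSPICIOUS_EXECUTE = re.compile(r'execute\(\s*(f["\']|["\'].*["\']\s*[+%])')

# Constructed source snippet to scan; line 1 is empty, the calls are on lines 2-4.
SAMPLE_SOURCE = '''
cur.execute(f"SELECT * FROM users WHERE email = '{email}'")
cur.execute("SELECT * FROM users WHERE email = ?", (email,))
cur.execute("SELECT * FROM users WHERE id = " + str(uid))
'''


def flag_string_built_queries(source: str) -> list[int]:
    """Return the 1-based line numbers of execute() calls that build SQL from strings."""
    return [
        n for n, line in enumerate(source.splitlines(), 1)
        if SUSPICIOUS_EXECUTE.search(line)
    ]


if __name__ == "__main__":
    print("vulnerable / hardened:", demo())
    print("lines to review:", flag_string_built_queries(SAMPLE_SOURCE))
```

The scanner flags lines 2 and 4 of the constructed snippet and leaves the parameterised call on line 3 alone; every flagged line is then confirmed by hand (or with a payload as in demo()) rather than trusted blindly.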

Production data also has to be kept under control: there must be no production data in pre-production. If a problem cannot be reproduced without it, offer a ‘live’ reproduction instead, reading the logs in parallel whenever possible. If there is an absolute need to import production data locally, a procedure (including customer validation) must be followed, the data should be anonymised, and it must be destroyed at the end of the process.
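As an added example of the anonymisation step (not TheCodingMachine's own procedure or tooling), the script below pseudonymises the personal columns of a CSV export before it is imported locally, using a keyed hash so that rows referring to the same person still match across tables while the original values cannot be recovered without the key. The export, the column names and the `.invalid` placeholder domain are assumptions constructed for the example.

```python
import csv
import hashlib
import hmac
import io
import re

# Constructed sample export; not real customer data.
SAMPLE_EXPORT = """id,email,full_name,phone,order_total
1,alice@example.com,Alice Martin,+33 6 12 34 56 78,120.50
2,bob@example.org,Bob Dupont,+33 6 98 76 54 32,80.00
"""

# Columns that hold personal data in this (assumed) schema.
PII_COLUMNS = {"email", "full_name", "phone"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


def pseudonym(secret: bytes, column: str, value: str) -> str:
    """Keyed, truncated SHA-256: stable within one export (joins keep working),
    different per column, and not reversible without the secret."""
    digest = hmac.new(secret, f"{column}:{value}".encode(), hashlib.sha256).hexdigest()[:12]
    if column == "email":
        # Reserved TLD, so no mail can ever reach a real person from a local environment.
        return f"user-{digest}@example.invalid"
    return f"{column}-{digest}"


def anonymize_csv(text: str, secret: bytes) -> str:
    """Rewrite every PII column of a CSV export; other columns pass through unchanged."""
    reader = csv.DictReader(io.StringIO(text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames)
    writer.writeheader()
    for row in reader:
        for col in PII_COLUMNS & set(row):
            row[col] = pseudonym(secret, col, row[col])
        writer.writerow(row)
    return out.getvalue()


def contains_raw_pii(original: str, anonymized: str) -> bool:
    """Post-check before import: no original PII value survives and every
    remaining e-mail address points at the placeholder domain."""
    for row in csv.DictReader(io.StringIO(original)):
        for col in PII_COLUMNS & set(row):
            if row[col] and row[col] in anonymized:
                return True
    return any(not m.endswith(".invalid") for m in EMAIL_RE.findall(anonymized))


if __name__ == "__main__":
    # In practice the secret is generated per export and discarded once the
    # local import is done, which also covers the "destroy at the end" requirement
    # for the mapping: without the key the pseudonyms cannot be linked back.
    cleaned = anonymize_csv(SAMPLE_EXPORT, b"per-export-secret")
    print(cleaned)
    print("raw PII left:", contains_raw_pii(SAMPLE_EXPORT, cleaned))
```

The check at the end is what gates the import: if it reports remaining PII, the export is not loaded. Note that pseudonymised data is still personal data under GDPR as long as someone holds the key, which is why the key is thrown away with the import and the anonymised copy itself is deleted when the investigation ends.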

Once the application has gone live, vulnerability monitoring helps to maintain its security. For example, at TheCodingMachine, we use a tool to check dependencies (CKC).

Conclusion

Sailing with TheCodingMachine guarantees a secure adventure in the tumultuous seas of web development. We promise you a journey as exciting as a treasure hunt, with the certainty of finding safe and reliable booty. So, are you ready to embark with us?

Note: if you’re interested in our dependency management tool (CKC), please don’t hesitate to contact me.


by TheCodM
