Sharing is Caring: Cybersecurity Practices at Symfa

Best Practices
Enterprise
Startup

Apart from clean and efficient code, security and privacy are our top priorities at Symfa. We adhere to the Symfa Security Policy, which outlines the security practices and procedures that we regularly review and improve to ensure our clients' data and systems are protected. In this article, we share some basic security principles from our leaders that we follow in order to protect our clients' digital assets.

Table of Contents

  • Secure Development Lifecycle
  • DevSecOps
  • Disaster Recovery Plan
  • Coming Soon: Symfa's Software Security Guide

Secure Development Lifecycle

Andrew Zhilitsky

By following Secure Development Lifecycle (SDL) best practices, we ensure that security is embedded into every stage of the software development lifecycle. This allows us to minimize vulnerabilities and strengthen our overall security posture.

Our secure coding practices and guidelines are based on OWASP standards and include measures such as strong authentication and password management using MFA or biometric authentication, proper access controls for different users and roles, and end-to-end data encryption to protect sensitive information. Our other secure coding practices comprise secure communication protocols to prevent unauthorized access or interception, input validation and sanitization to avoid injection attacks or malicious code, error handling and logging to monitor and troubleshoot issues, and third-party dependency tracking to ensure software components stay up to date and secure.

For code review, we use a mix of OWASP-recommended SAST (static application security testing) tools and human verification of their results to ensure code quality and security. Some of the tools we use are the OWASP SonarQube Project, OWASP Orizon Project, OWASP LAPSE Project, OWASP O2 Platform and OWASP WAP.

Security testing is an integral part of our global Quality Management Program. This way, all deliverables are tested for vulnerabilities, subjected to penetration testing and checked for other security risks. Our testing team uses comprehensive checklists that cover aspects such as configuration and deployment management, identity management, authentication, session management, input validation, weak cryptography and business logic.

DevSecOps

Alexander Pampurin

We follow carefully elaborated DevSecOps practices that ensure our teams operate safely in the client's virtual environment.

We use remote desktops (VPN access only) for different roles and purposes, such as Microsoft Remote Desktop for BAs, PMs and DMs, and KVDI for developers, QA and DevOps. We store our code in Git repositories in Azure DevOps (access via a dedicated corporate account with MFA), apply additional access policies to client repositories and branches in the Azure cloud, and establish separate working environments with different access levels for each talent. Atlassian Jira or Azure DevOps are our choices for issue tracking (access is managed by the client or Symfa), and Atlassian Confluence is our knowledge base storage (access is managed by Symfa).

Disaster Recovery Plan

Ivan Kuzmich

A formal Disaster Recovery Plan at Symfa aims to quickly restore the network file servers and infrastructure in the event of a disaster, so that the digital assets of our clients remain intact. We rotate BCP/DR backups and complete DR tests annually. To prevent loss of systems, backups and system checks are done on a monthly basis. Checking all the facilities regularly and having backup hardware available is a vital routine practice at Symfa. To address talent shortages in case we need more employees to support our systems, we have created a pool of pre-qualified candidates and emergency subcontractors.

Coming Soon: Symfa's Software Security Guide

Look out for our comprehensive Symfa Software Security Guide, where, besides a more detailed coverage of the above aspects, we will talk about the Network/Infrastructure security, Data security, and Regulatory compliance principles that Symfa's teams adhere to. We will also shed some light on how we follow security protocols for our major clients working in strictly regulated environments.

Stay with Symfa for regular updates on the best software development practices and topical industry insights.

Credits

Nika Chizh

Senior Copywriter and Digital Marketer

Nika is a passionate content creator for the IT industry. Her top favorites are Quality Assurance, Business Intelligence, Microservices, and Business Analysis. You can find her articles published by Forbes, DZone, Tweak Your Biz, DevOps, and Medium. When she’s not digging into a new topic for the AIS corporate blog, she’s out training her rescue pup or taking online carpentry classes.