Safeture maintains extensive processes and controls to ensure application security. All Safeture engineers follow common best practices defined by standards such as OWASP, NIST and CIS Benchmark.
Secure Software Development Lifecycle (SSDLC)
At least annually, engineers participate in secure software training covering OWASP Top 10 security risks, common attack vectors, and Safeture security controls. All developers are required to follow the SSDLC.
Framework Security Controls
Safeture leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF), among others.
Our Quality Assurance (QA) department reviews and tests our code base. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Testing and staging environments are logically and physically separated from the Production environment. No customer data is used in our development or test environments.