Development teams don’t always consider the most secure ways to write code, with their focus often on delivering the product on time and with the desired functionality. SureCloud’s development team training can provide advice on secure code practices to ensure that applications don’t expose sensitive information unnecessarily as well as providing guidance and assurance for secure coding best-practices.
Training also advises on issues that are commonly seen during post-deployment penetration testing such as securely creating and configuring necessary application services and ensuring permissions are sufficiently restricted (for example, creating a user account to run a specified service and ensuring user permissions follow the principle of least privilege). The same methodology applies to segregating database users and roles, and file permissions for installed thick-client applications. Training can also be provided to focus upon securing source code repositories for safely storing code that may contain sensitive information, such as development consultancies with different client projects or intellectual property.
One of the main goals of SureCloud’s development team training service is to work alongside your development team and project managers to re-work existing processes to align with best-practices, aiming to build a strong foundation for security assurance.