
Do you work with a secure software development life cycle and implement secure coding standards/practices, security audits and code reviews before the application/software is released to production?

We (startup) currently trust in code reviews by our Minsk development team. Also, our investor undertook security audits when accepting our latest version. Dependencies (with some exceptions in the inject script, where we use a fork of jQuery) are kept up to date firstly by the development team and secondly by Maven and our CI pipeline. As our software testing standard we use ISO 29119. On all major releases, we let a Swiss security company conduct penetration tests against our services and code. The latest penetration test reports will be sent to any interested parties after the appropriate NDA is in place.

Is there a user access management (incl. user enrolment, user password management, privilege management, secure storage of user credentials, etc.) available?

...

Yes. When we build our software, we scan the built containers with Harbor. The containers are scanned with the Trivy library.