Software Security

Our first step is choosing the right libraries. This is the moment that has a significant impact on the entire project as it affects how the further development of the product will look like and whether it will be easy to work on. The libraries selected should be well-known, up-to-date and verified.

Then, at the stage of custom code creation, we educate the entire team about good practices related to software security. This includes, but is not limited to, implementing user authorization systems and assigning users access to appropriate resources.

At the next stage, we perform a code review inside the teams. We check if there are any potential vulnerabilities in the software. We also do a design review, during which we also sometimes find some risks, thanks to which we can eliminate them immediately.

We perform a security review for selected issues. It concerns user access to resources, payment systems and integration with third-party providers.

The last step is continuous integration using Gitlab CI. Finally, we perform E2E tests, more about which you can read here.

We also deal with auto-deployment as well as staging and production environments that allow us to test the feature that we deliver in a real environment.