At Solutions2Share, we know you care about how your personal information is used and shared, and we take your privacy seriously by applying the strictest practices to our developments.
These best practices are gounded by the OWASP Security Design Principles:
- Minimize the attack surface: The goal of secure development is to reduce overall risk by reducing the attack surface.
- Establish secure defaults: By default, the experience should be secure, and it should be up to the user to reduce security – if they are allowed to.
- Least Privilege Principle: The principle of least privilege recommends that accounts have the least amount of permissions required to execute their business processes.
- Principle of Deep Defense: The principle of defense in depth states that in cases where a single control would be useful, multiple controls that address risks in different ways are better.
- Safe failure: Applications regularly fail to process transactions for many reasons. The way they fail can determine whether an application is secure or not.
- Don’t trust services: many organizations use third-party processing capabilities that most likely have different security policies and practices than you do. Therefore, implicit trust in externally operated systems is not justified. All external systems should be treated in a similar manner.
- Segregation of duties: Certain roles have a different level of trust than normal users. Administrators, in particular, are different than normal users. In general, administrators should not be users of the application.
- Avoid security by obscurity: security by obscurity is a weak security control that almost always fails when it is the only control.
- Keep security simple: developers should avoid using double negatives and complex architectures when a simpler approach would be faster and easier.
- Fix security problems properly: once a security problem is identified, it is important to develop a test for it and understand the root cause of the problem. When using design patterns, it is likely that the security issue is common across all codebases, so developing the right solution without regressions is critical.
- Secure release process: In addition to the principles for secure development, we use several tools during our release process to mitigate risk and avoid common pitfalls before each release and deployment.