Security Assurance
We focus on safety in all our work.
Security assurance - so you can sleep well
We understand how important the minimization of risk in all areas is to the overall health of your business. Taking this into account, we have integrated security assurance procedures deeply into our processes.
- Much as we do with regard to quality, we gather detailed information about your security requirements at the initial business analysis stage. We identify the most sensitive data and potential vulnerabilities and recommend the appropriate technology stack. Our applications regularly pass external audits by specialized security companies - we encourage you to hire a third-party auditor. At your request, we successfully implement industry-specific security requirements.
- We host your applications in a highly secure data cluster, protected by top-notch backup and recovery solutions, where they are continuously monitored by the 3e maintenance team. Your app's environment is regularly updated, and we routinely follow the guidelines of OWASP - an organization monitoring the most dangerous Web application security flaws.
- Your legal security is no less important to us. We take care to prepare transparent and concise agreements tailored specifically to your needs. These agreements cover all the essentials, such as the project scope and phases, user acceptance criteria, payment obligations, confidentiality, SLA requirements, licensing, and intellectual property rights. We follow the General Data Protection Regulation (GDPR) rules, which enables us to take the role of a Data Processor and sign the required data processing agreements.
Read more about SLA - Service Level Agreement
Ensuring quality and safety
- We operate based on the Test-Driven Development (TDD) methodology, involving the creation of engines for testing at the time of building (and extending) the system
- Database versioning
- We run automatic functional tests (Selenium2). We are the authors of an open-source library for developing automated tests in PHP
- We use the practice of continuous integration (Hudson)
- We comply with safety rules based on OWASP TOP 10
- Our solutions meet the requirements of the Inspector General for Personal Data Protection
- We have a separate team responsible for quality assurance: 3 testers, including 1 holding the ISTQB certificate
- We create and maintain current test scenarios/scripts
- We run manual and automated tests
- We test based on the xUnit framework
- Our solutions are tested on all browsers. We use functional tests based on Selenium2
Methods and practices:
- SCRUM,
- ITIL,
- Continuous integration practice,
- Functional tests (manual and automatic),
- Performance tests,
- Penetration tests,
- OWASP TOP10,
- Our solutions conform to the regulations of the Inspector General for Personal Data Protection.
This enables us to maintain a very high level of system availability and performance and to respond rapidly to changing requirements. We take responsibility for the solutions that carry out key processes for the functioning of an enterprise.