How Desktop Central precludes possible vulnerabilities during development process?
Security has always been our utmost priority and we provide top-notch measures towards securing your network. A secured network refrains your organization from becoming victims of security breach and sabotage. The journey from discovery of a vulnerability till release of patching solutions is of paramount importance.
Desktop Central handles the prevention of possible vulnerabilities during the development process, also when a vulnerability is reported extrinsically.
Here's how we prevent vulnerabilities during the product development cycle.
Feature Release Testing
We follow testing procedures at different stages of feature development to ensure that our products are not prone to cyber attacks. We follow the standards advised by Open Web Application Security Project (OWASP) while testing.
- Before our developers work on a new feature, a team of security experts assess the Architecture and Design of the feature. The main focus of this review is to ensure that the communication process follows the required security norms.
- Once the development of the feature is completed, the development code is reviewed by our Internal Security Team who evaluate the code for any violations of coding and security standards.
- Before releasing the feature to the public, we perform a round of Blackbox and Whitebox testing. This is essentially done to ensure that the feature functions as expected and the code is scrutinized for other flaws.
Periodic Product Testing
We have a dedicated Security Team who periodically test all our products and the development code. The following tests are performed on our products on a regular basis :
- We use in-house tools to perform a Static Code Analysis where we check the entire product code repository for any code level vulnerabilities.
- A Penetration Test is performed annually by our security team. Generic security tests are performed in addition to the following tests :
- Authentication Testing - To identify any flaws in the different authentication procedures of our products
- Authorization Testing - To check if the different user roles and permissions have been assigned correctly
- Security Misconfiguration - Our products use different third-party components and all the configurations used by these components are checked.
- Input Validation Testing - This test is performed before every feature release. The main purpose is to prevent Cross Site Scripting (XSS) attacks. We also have an in-built filter in our products to prevent such attacks.
Here's how Desktop Central addresses vulnerabilities reported by an outsider.
Extrinsic vulnerability reporting
Despite following aforementioned procedures, if any vulnerability is detected in our products by an external tester, we ensure that it is patched and the fix is released at the earliest. The following steps are taken in such cases :
- Analyze - We analyze the genuinity of the reported vulnerability
- Hunt for the fix - We find the fix as early as possible
- Test - Tests are conducted to ensure that all the security measures are in place and will completely protect your network against any threats
- Release - The fix for vulnerability is released to the customers
Release process to the customers
Here's how we release the vulnerability fixes to our customers :
- We have a separate Security Sub-forum that facilitates vulnerability-related posts
- Release of security updates - Regular updates, customer fixes and security updates are released at frequent time intervals
- Make public announcements on vulnerabilities and fixes :
- Keep the customers updated by making announcements in the product console
- Cover security updates in the product Newsletters
- Based on the severity of the vulnerability, we trigger on-demand mails to the customers