Secure Software Development Practices

Software security

Preventing security incidents and mitigating the risk of security breaches is a foremost priority in Diri AS. We are continuously working to improve our software security.

Secure coding practices

Developers follow secure coding practices such as avoiding input validation issues, preventing injection attacks, and properly handling errors and exceptions.

Regular vulnerability testing

We regularly test software applications for vulnerabilities, such as those identified by the Open Web Application Security Project (OWASP). In-application security is additionally enforced by a web application firewall configured with the OWASP best-practice rule set.

Code reviews

Diri AS conducts regular code reviews to identify potential security issues and provide feedback to developers.

Secure configuration and attack surface management

Diri AS ensures that all software components, including web servers and databases, are securely configured to minimize the risk of exploitation. Our SaaS-infrastructure is continuously monitored using vulnerability scanning.

Secure deployment, updates, and patching

Diri AS follows secure deployment practices, such as using secure communication protocols, limiting access to deployment infrastructure, and properly securing secrets.

Regular updates and patching

Diri AS regularly updates software and applies security patches to ensure that vulnerabilities are addressed in a timely manner. Patch notifications are sent to active users no later than one week before major changes. Minor updates and bug fixes are deployed continuously, with patch notes published in our community portal.

Pre-deployment checks

Before deploying a new version of the application, Diri AS ensures that all pre-deployment checks have been completed, such as rigorous code testing, verifying that the environment is correctly configured, and confirming that all necessary dependencies are installed. Diri AS has processes and tooling for both automated and manual software testing.
The test environment is primarily used by the developers. The staging environment is used for further testing and for verifying that the application functions correctly and that there are no issues with the deployment. Once the application has been verified in the staging environment, we conduct user acceptance testing to ensure that it meets the needs of users.

Post-deployment checks

Functionality testing: After deployment, it is important to conduct functionality testing to ensure that the application is working as expected. This may include verifying that all features are functioning correctly and that users are able to access the application and its various functions.
Security testing: Diri AS conducts security testing and monitoring to ensure that the application is secure and that there are no vulnerabilities that could be exploited by attackers.
Performance testing: Diri AS monitors and conducts performance testing to ensure that the application is able to handle the expected load and that it is running efficiently. This includes load testing, stress testing, and other performance assessments. The Diri application runs on scalable infrastructure, and more resources can be added as needed.

Logging and monitoring

Diri AS logs and monitors the application to detect and respond to security incidents in a timely manner.

Incident management

Diri AS is a small company with a dedicated software development team. In the event of an incident, this team functions as an incident response team led by the CTO or the CEO to ensure that any security incidents or other issues with the SaaS application are identified and resolved as quickly and effectively as possible. The policy includes procedures for detecting and reporting incidents, as well as for responding to and resolving them. In the event of an incident, Diri AS's incident management team will work to contain the issue, investigate the root cause, and take steps to prevent similar incidents from occurring in the future. The policy also includes provisions for communication with stakeholders, including customers and regulatory authorities, in the event of a significant incident. By following this policy, Diri AS can minimize the impact of incidents on its SaaS application and maintain the trust of its customers.
