MarketPush developers and engineers follow secure coding practices that span the Open Web Application Security Project (OWASP) Top 10 security risks and common attack vectors. To limit these security risks, MarketPush leverages secure open-source frameworks with security controls. These inherent controls reduce our product exposure to SQL injection attacks (SQLi), cross-site scripting (XSS), and cross-site request forgery (CSRF).
MarketPush uses the following principles to guide the SDLC process:
- Quality at every step of the development process
- Continuous integration and release qualification
- End-to-end test automation for velocity and repeatability
- Phased product rollout with continuous customer feedback
- Root Cause Analysis (RCA) process for continuous improvement
When creating a new product, MarketPush uses the following release process:
- Definition: Content and features are finalized for release. The development team, product management and support teams review and commit to requirements.
- Development: Documentation is designed, tests are planned, and code is reviewed according to secure coding standards.
- Hardening: Features are tested with an additional focus on stress tests, as well as scans for security vulnerabilities.
- General availability: New features and functionality are made available for customer use.