MarketPush developers and engineers follow secure coding practices
that span the Open Web Application Security Project (OWASP) Top
10 security risks and common attack vectors. To limit these
security risks, MarketPush leverages secure open-source
frameworks with security controls. These inherent controls
reduce our product exposure to SQL injection attacks (SQLi),
cross-site scripting (XSS), and cross-site request forgery
(CSRF).
MarketPush uses the following principles to guide the SDLC
process:
- Quality at every step of the development process
- Continuous integration and release qualification
- End-to-end test automation for velocity and repeatability
- Phased product rollout with continuous customer feedback
- Root Cause Analysis (RCA) process for continuous improvement
When creating a new product, MarketPush uses the following
release process:
- Definition: Content and features are finalized for release.
  The development team, product management and support teams
  review and commit to requirements.
- Development: Documentation is designed, tests are planned,
  and code is reviewed according to secure coding standards.
- Hardening: Features are tested with an additional focus on
  stress tests, as well as scans for security vulnerabilities.
- General availability: New features and functionality are made
  available for customer use.