Cognidesk uses an agile development process that includes independent validation steps run by a separate quality team. This allows remediation efforts to be prioritized effectively and feeds security feature requests into the application. Developers are trained in web application security, including, but not limited to, the Open Web Application Security Project (OWASP) Top 10.
Application Security Team
Cognidesk has a team of engineers dedicated to security implementation, and security training is integrated into the software development program. This team owns the customer penetration-testing regime and maintains an overall view of the application security environment.
Security and Penetration Testing
Cognidesk’s security regime, including penetration testing, is a vital component of its development practices; as a result, the security testing program is wide-ranging and extensive. Important tests include checks for threats such as:
1. SQL Injection
2. Broken Authentication and Session Management
3. Sensitive Data Exposure
Security of Docker Containers
Container security is validated by running "Docker Bench for Security", an open-source tool that automatically checks the configuration of a host running Docker containers.
It performs checks drawn from the CIS Docker Benchmark, covering:
1. Host Configuration
2. Docker daemon configuration
3. Docker daemon configuration files
4. Container Images and Build File
5. Container Runtime
6. Docker Security Operations
7. Docker Swarm Configuration
8. Scanning Docker images
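Docker Bench for Security reports one line per check, prefixed with the result ([PASS], [WARN], [INFO] or [NOTE]) and the benchmark check id. The following shell script is an added example, not Cognidesk's code and not part of the Docker Bench project: it summarises a run so that [WARN] findings can be prioritised by CIS section. The report text embedded in the script is a constructed sample in the tool's line format (the check wording is illustrative); in practice the same functions would be pointed at the log of a real run, which the project documents as `sudo sh docker-bench-security.sh` from the cloned repository.

```shell
#!/bin/sh
# Added example (not Cognidesk's or Docker Bench's own code): triage a
# Docker Bench for Security report. Each check line looks like
#   [WARN] 2.1 - Run the Docker daemon as a non-root user, if possible
# and section headers look like
#   [INFO] 2 - Docker daemon configuration

# Constructed sample report (assumption: a real run prints many more lines).
SAMPLE_REPORT='[INFO] 1 - Host Configuration
[WARN] 1.1.1 - Ensure a separate partition for containers has been created
[PASS] 1.1.2 - Ensure only trusted users are allowed to control Docker daemon
[INFO] 2 - Docker daemon configuration
[WARN] 2.1 - Run the Docker daemon as a non-root user, if possible
[PASS] 2.2 - Ensure network traffic is restricted between containers on the default bridge
[INFO] 4 - Container Images and Build File
[WARN] 4.1 - Ensure that a user for the container has been created
[NOTE] 4.5 - Ensure Content trust for Docker is Enabled
[INFO] 5 - Container Runtime
[PASS] 5.1 - Ensure that, if applicable, an AppArmor Profile is enabled
[WARN] 5.25 - Ensure that the container is restricted from acquiring additional privileges'

# Allow a real report file to replace the sample: REPORT_FILE=bench.log sh triage.sh
if [ -n "$REPORT_FILE" ] && [ -r "$REPORT_FILE" ]; then
    SAMPLE_REPORT=$(cat "$REPORT_FILE")
fi

# count_status STATUS: number of check lines whose result is STATUS (PASS, WARN, ...).
# The pattern requires an id after the tag so that section headers are counted too
# for INFO, but free-text lines without an id are ignored.
count_status() {
    printf '%s\n' "$SAMPLE_REPORT" | grep -c "^\[$1\] [0-9][0-9.]* - "
}

# warn_ids: check ids of every WARN line, space-separated, e.g. "1.1.1 2.1 4.1 5.25".
warn_ids() {
    printf '%s\n' "$SAMPLE_REPORT" | awk '$1 == "[WARN]" { printf "%s%s", sep, $2; sep = " " }'
}

# warns_in_section N: number of WARN findings whose id starts with "N." (CIS section N).
warns_in_section() {
    printf '%s\n' "$SAMPLE_REPORT" | awk -v s="$1." \
        '$1 == "[WARN]" && index($2, s) == 1 { n++ } END { print n + 0 }'
}

# gate_section N: succeed only if CIS section N has no WARN findings, so a CI job
# can fail on regressions in, say, the Docker daemon configuration (section 2).
gate_section() {
    [ "$(warns_in_section "$1")" -eq 0 ]
}

echo "PASS: $(count_status PASS)  WARN: $(count_status WARN)  NOTE: $(count_status NOTE)"
echo "WARN checks: $(warn_ids)"
for section in 1 2 3 4 5 6 7; do
    echo "section $section: $(warns_in_section "$section") warning(s)"
done
```

Sections 1 to 7 in the loop correspond to the benchmark areas listed above; `gate_section` is the piece a pipeline would call so that a build fails when a chosen area regresses rather than when any of the (often environment-specific) host-level checks warn.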