Cryptshare Security Measures & Methods
Current version as of 12 November 2025, 07:54
As a security product, Cryptshare is developed using numerous methods that aim to mitigate and prevent functional issues as well as common security risks such as those listed in the OWASP Top Ten (https://owasp.org/www-project-top-ten/).

The Cryptshare Server development process, from product design through the development and quality assurance phases, includes the following measures[1]:

- Agile development in a defined and self-optimizing Scrum process with quality assurance as a constant part: developers and members of the QA team work together in an iterative process during sprints, with the goal of discovering flaws (in terms of security and quality) at the earliest possible point in the process and before they can reach the final product version. During this phase developers make use of agile methods such as:
  - Test Driven Development (TDD)
  - Pair Programming
- In addition to the aforementioned manual tests during a sprint, developers maintain automated quality assurance measures such as:
  - Static code analysis
  - Unit tests
  - Integration tests
  - Automated UI tests
- During release preparation, additional measures are taken in the form of:
  - Regression tests
  - Automated SSL/TLS configuration checks using tools like testssl.sh
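As an added example (not Cryptshare's own tooling and not part of the original page), the following Python script shows how an automated SSL/TLS check with testssl.sh can be turned into a release gate: it reads the flat JSON array that `testssl.sh --jsonfile <file>` writes, counts findings by severity, and fails the build when any finding reaches a configurable severity threshold. The embedded scan output is constructed (the host name, IP and findings are invented; the check ids follow testssl.sh naming), and the gate policy itself (threshold, allowlist, fail-closed handling of unknown severities) is an assumption chosen for illustration.

```python
"""Release gate over testssl.sh JSON output (illustrative example, not a product component)."""
import json
import sys
from collections import Counter

# Severity strings used by testssl.sh --jsonfile output, in ascending order.
# Ranking WARN alongside LOW is this example's own assumption.
SEVERITY_RANK = {
    "DEBUG": 0, "INFO": 1, "OK": 2, "LOW": 3, "WARN": 3,
    "MEDIUM": 4, "HIGH": 5, "CRITICAL": 6,
}

# Constructed sample in the flat --jsonfile format; not a real scan result.
SAMPLE_JSON = """[
  {"id":"service","ip":"cryptshare.example/203.0.113.10","port":"443","severity":"INFO","finding":"HTTP"},
  {"id":"TLS1","ip":"cryptshare.example/203.0.113.10","port":"443","severity":"LOW","finding":"offered (deprecated)"},
  {"id":"TLS1_2","ip":"cryptshare.example/203.0.113.10","port":"443","severity":"OK","finding":"offered"},
  {"id":"cipherlist_3DES_IDEA","ip":"cryptshare.example/203.0.113.10","port":"443","severity":"MEDIUM","finding":"offered"},
  {"id":"heartbleed","ip":"cryptshare.example/203.0.113.10","port":"443","severity":"OK","finding":"not vulnerable, no heartbeat extension"},
  {"id":"cert_expirationStatus","ip":"cryptshare.example/203.0.113.10","port":"443","severity":"HIGH","finding":"expired"}
]"""


def load_findings(text):
    """Parse the flat JSON array written by `testssl.sh --jsonfile <file>`."""
    data = json.loads(text)
    if not isinstance(data, list):
        # --jsonfile-pretty writes a nested object instead; this gate expects the flat form.
        raise ValueError("expected the flat --jsonfile array")
    return data


def evaluate_gate(findings, fail_at="HIGH", allowlist=frozenset()):
    """Return (passed, blocking_findings, counts_by_severity).

    A finding blocks the release when its severity is at or above `fail_at`,
    unless its id is on the allowlist (a consciously accepted, documented finding).
    Severities not in the table (e.g. a scan error) block unconditionally, so the
    gate fails closed instead of silently passing a scan that never completed.
    """
    threshold = SEVERITY_RANK[fail_at]
    counts = Counter()
    blocking = []
    for f in findings:
        sev = str(f.get("severity", "")).upper()
        counts[sev] += 1
        rank = SEVERITY_RANK.get(sev)
        if rank is None or (rank >= threshold and f.get("id") not in allowlist):
            blocking.append(f)
    return (not blocking), blocking, counts


def format_report(blocking, counts):
    """Human-readable summary for the CI log."""
    lines = [f"{sev}: {n}" for sev, n in sorted(counts.items())]
    for f in blocking:
        lines.append(
            f"BLOCKING {f.get('severity')} {f.get('id')} on "
            f"{f.get('ip')}:{f.get('port')}: {f.get('finding')}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    # Typical pipeline step (hypothetical):
    #   testssl.sh --jsonfile scan.json https://cryptshare.example:443
    #   python tls_gate.py scan.json
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_JSON
    passed, blocking, counts = evaluate_gate(load_findings(text))
    print(format_report(blocking, counts))
    sys.exit(0 if passed else 1)
```

Run without arguments, the script gates the embedded sample and exits non-zero because of the expired certificate; the MEDIUM 3DES finding only blocks when the threshold is lowered to MEDIUM and is not allowlisted. Keep the allowlist in version control next to the pipeline definition so each accepted finding has a reviewable justification.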
Complementary to the measures taken during the development phase, the following internal guidelines exist to ensure quick responses to discovered vulnerabilities and to prevent the publication of releases with known vulnerabilities:

- Library updates in the last phase of the release process, so that vulnerabilities discovered in third-party libraries are fixed before the official release.
- Upon discovery of a critical vulnerability in the current release, an internal reaction time of 14 days to fix the vulnerability and prepare a hotfix release.

Furthermore, regular internal Security Risk Assessments take place to identify possible attack vectors on the product and to identify, prioritize and plan appropriate countermeasures against them.

[1] The development processes for other parts of the product follow the same procedures as described here.