Application Security

Web application frameworks are made to help developers build web applications fast and secure. Rails is one of such framework for Ruby, which comes with security helper modules. Our Rails developers adhere to recommended coding guidelines which are peer reviewed. We are guided by existing publications for Ruby on Rails software development, such as Ruby on Rails Security Guide [1] and the OWASP Ruby on Rails Cheat sheet [2]. These documents bridge similar publications together and provide a more complete set of security-specific coding guidelines and also act as a quick reference for the developer.

We use scanning tools like Dependabot within our Continuous Integration(CI) pipeline.

Strict Content Security Policies against the likes of inline scripting and cross frame scripting are in place at the front end to ensure protection of back end systems and data from front end attacks.

File uploads are restricted based on file types to prevent upload of malware.

Patching

The operating systems and databases running our servers are continually monitored and patched to ensure that our environments are healthy and free of vulnerabilities. The web framework is continually monitored and patched by our internal development teams.

Patches go through a full release process albeit expedited, that includes testing prior to applying to production environments to ensure stable operation.

We carry out zero downtime deployments and our security patch management processes are carried out in the early hours if and when a downtime is involved. This is typically less than 5 minutes of downtime. For anything longer we would alert clients beforehand.

The application is continuously monitored by incorporating security scanners into our CI pipeline. Issues and vulnerabilities are patched by our internal development teams as they come to light.

Did this answer your question?