Head first – architecture & design matter!
Most code-based security risks can be systematically mitigated through proper architecture and design of the application, especially through well-considered choices of technology and third-party components.
Risk awareness & code review
Even the best developers regularly make mistakes – bugs are part of the development process. As security problems often result from programming errors, we focus heavily on eliminating them right at the source by training our developers and by performing manual as well as automated code review.
In our development projects, we contractually commit to avoiding the OWASP Top 10 risks.
Our applications are regularly audited, whether at code level or as a deployed application in the final execution environment.
Re-use of fully validated application stack
As the frameworks, custom components and deployment landscape we use have been constantly enhanced and fully validated across several projects, we build on these assets for our future projects.