Application Security

Application Security

Date: 1^st January 2023, Version number: 1.0

Smylor has built both internal and external security checkpoints into the Smylor application’s development pipeline.

1. Smylor Coding Development
2. Application Staging Testing
3. Application Live Bug Testing

With this coding development approach our engineers have the ability to be creative with new features while sustaining tried and tested end user secure experiences. 

Smylor always works on the principle to deliver value to customers especially on their user experience (UIX). Releases provide iterative updates that deliver increased value in UIX or other functionality.

Smylor’s change control process is how we maintain our security focus. To do this, we implement some core guidelines for coding, which include:

• Commenting and story planning based upon the end user experience intent – asking questions like: Why are we doing this? What does it take to achieve optimal convenience for the end user? What workflow is required?
• Keep coding functions/methods simple. Each function/method should do primarily one thing to maintain modularity. 
• Maintaining privacy by ensuring module interfaces are as small as possible when exposed to the public. 
• Smylor’s change management process guides application delivery through three stages (1) Development, (2) Staging and (3) Live Production. Each stage has checkpoints in which changes are committed and tested before moving to the next stage.
• An application change is initiated once the user experience story is completed and it enters a sprint. 
• A comprehensive suite of tests is run by our internal and external test teams against any revision that is a release candidate.

Code review is done by a different developer from the one who implements the change. They are usually from the same team unless relevant expertise from a different team is required. If all tests pass and the reviewer is happy with the pull request, they can approve it. This permits the pull request to be merged later into our main branch.

• A developer queues to deploy their change. Our build system maintains who can deploy to each environment at what time to ensure deployments are handled consistently.
• Each separate application feature upgrade is first deployed to a staging environment where final manual verification can take place.
• Once the verification is done in the staging environment Smylor continues to deploy to the production environment.