Vulnerability Management
Our security team performs automated and manual application and infrastructure security testing to identify and patch potential security vulnerabilities and bugs on a regular basis.
We also engage independent service providers to perform external penetration tests to assess the potential system security threats on an annual basis. Remediation activities against discovered vulnerabilities are performed in a timely manner to enable the pen test provider to retest and verify that the issues are fixed.
A formal Change Management Policy has been defined by the Valarea Engineering team to ensure that all application changes have been authorised prior to implementation into the production environments. Source code changes are initiated by developers that would like to make an enhancement to the Valarea application or service. All changes are stored in a version control system and are required to go through automated Quality Assurance (QA) testing procedures and manual code review to verify that security requirements are met.
Successful completion of QA procedures leads to implementation of the change. All QA-approved changes are automatically implemented in the production environment. Our software development lifecycle (SDLC) requires adherence to secure coding guidelines, as well as screening of code changes for potential security issues via our QA and manual review processes.
All changes released into production are logged and archived, and alerts are sent to the Valarea Engineering team management automatically. Changes to the Valarea production environment are restricted to authorised personnel only. The Valarea Security team is responsible for maintaining infrastructure security and ensuring that server, firewall, and other security-related configurations are kept up-to-date with industry standards. Firewall rule sets and individuals with access to production servers are reviewed on a periodic basis.
Last modified 1yr ago