Develop

It's not possible to provide a recipe for writing secure code in a few simple and concise articles. However, that doesn't mean it's an insurmountable task reserved only for security experts! Everyone developing software at Bouvet should be familiar with the OWASP Top 10, which is a good starting point for understanding the challenges developers face.

The articles under the Develop topic on this page focus on what happens on a developer's workstation, apart from the actual code. They won't delve into specific attack methods or how to defend against them. You will also find advice on how a team should work to prevent, identify, and fix vulnerable code.


Development Environment, Tools, and Build Environment

The environments and tools we work with are essential for the project. The team should standardize tool usage, document configuration, and reduce risk in the development and build chain.

Version Control

Version control is an essential tool in all development projects, but how do you use it effectively and what should you consider?

Data Validation

Data validation reduces both security risk and quality issues. Never trust data blindly, whether it comes from users, integrations, or AI pipelines.

Security Practices

There is much to consider when building a secure solution, and an important starting point is the OWASP Top 10.

Software Supply Chain

Everyone who develops software uses third-party packages. All third-party packages represent code written by others and pose a risk to the delivery if we do not have control over what we use and an overview of weaknesses and risks associated with them.

Documentation

Good documentation is essential for continuity, traceability, and security. This applies to the choices made, the threats assessed, and the system’s actual behavior — including in AI systems.

Secrets

All development projects require secrets such as connection strings, identities, passwords, certificates, and much more. These must be stored securely, and we must ensure that we use them in a secure context with the right support tools and processes.

Security Testing

In line with other elements associated with team quality, we depend on testing to verify that we have achieved the goal. Security testing is an important part of this, as it allows us to demonstrate that the delivery is not vulnerable to certain attack methods.