Nobody likes other people getting credit for accomplishments gained with hard work and no play, especially mobile application development businesses. Here are five pieces of advice that may help you keep your brainchild to yourself.
- Developer training. Nowadays IT is evolving at colossal speed. You may wake up one day to find that everything you knew and worked with yesterday is hopelessly outdated. So regular team training is a necessity. The training program should definitely include:
  - Issue descriptions
  - Real world examples
  - Ways of overcoming these issues
- Code review. Surely your development team does regular code reviews. But does your security guy test the code in several specific areas, verifying that vulnerabilities haven't crept into the code base? Try to make sure he does. It's extremely important because these areas include such things as database access, use of cryptography, input, output, etc. By the way, you shouldn't try writing your own implementations of strong cryptographic algorithms. Why bother if good ones are already there, and you might just not be smart enough yet?
- Internal testing is also very important for teams that are dealing not only with their own mobile application, but with other kinds of development. QA teams have to ensure on each and every release that these vulnerabilities can't find their way into the app. So automate as much as you can. Try keeping track of all the security-related issues via a ticketing system, etc.
- External testing. QA people alone are no longer enough. You, testers, can't do all the work on your own, no matter how hard you try. And it's not your fault; the world is simply cruel and unfair, that's it. Receiving help is not at all shameful, and is even necessary if you want to do your job right.
- And last but not least: staying up to date! You can never be too safe. And a lot of your knowledge is up to you to gain. Read, watch and learn as much as you can. The Internet is open to you and is crowded with various blogs, security sites, specialized media, etc. Want to stay the best? Try. It all depends on you, as always.