Our team focuses on three main areas:
- Those of us who like to script provide the Security team with DevOps support.
- Those of us who prefer looking for security issues in scripting frameworks and the back end work on Kentico Cloud.
- Those of us who fancy MVC take care of the security in Kentico EMS.
What are you going to do? You guessed it: you can work on whatever is closest to you. To give you a better idea, we've listed the activities we regularly spend time on:
- Regular security audits – we review code and perform penetration testing
- Analyses – we analyze code and look for potential security flaws
- Suggest solutions – we help dev teams come up with safe and secure solutions
- Internal consultations – we participate in the development of new functionalities and help our support engineers when customers ask tricky questions
- Training – we educate the whole of Kentico about security. We write blog posts from time to time.
We have a long-term plan and goals. We meet every week and plan particular steps to achieve the objectives. We put TODOs in a backlog, estimate them, and prioritize them. We do that together as a team, and everyone is welcome to contribute their ideas.
What technologies do we use?
We script mainly in Python and PowerShell. For penetration testing, we find Burp Suite and Netsparker most useful.