We tried something new today: we did a security review for a new service in our company, and once we completed the review we asked the developer these questions and got some good answers on how we can make security easy for developers: 1/n
Q: Why did you want a security review of XYZ service?
A: We are onboarding a new client, and for that we are using a new ticketing tool for the first time in our product. We wanted this to be secure, and hence we approached infosec.
Q: How did you approach us? Did you face any issue approaching the security team?
A: I created a Jira ticket and I think I directly pinged the AppSec lead. She scheduled a meeting with you guys. It was a smooth process and I did not face any issue as such.
Q: Did you face any issues during the security review or after it was completed?
A: No, the process was very transparent. In case there was any confusion or any requirements, it got cleared up via chat or a small call.
Q: If you had a magic wand that you could use to do anything in the security team/reviews, what would you do with it to improve the process, as a developer?
A: It would be nice if we had a list of the basic security checks you do, so we could test them ourselves before reaching out to infosec.
I am open to discussing opinions/suggestions on how to make this better.
