Stack
Windows Server
SQL Server
.NET Core
Android and iOS native (Kotlin, Swift)
Angular (TS) and ASP.NET Core

OWASP
- Wideum applications are designed to protect against the 10 major vulnerabilities identified by OWASP
- All level 1 and 2 rules defined in the OWASP Application Security Verification Standard are respected, with the following exception: Rule 10.10 (HPKP implementation)
- OWASP ZAP is used to identify vulnerabilities

Data Management
- Test environments do not use production data unless it is strictly necessary to fix a bug and only after approval of a security protocol with the security committee and for a certain period of time.
- Wideum commits to storing the data for the duration of the contract with the customer. The minimum time is two years, even if the duration of the contract is shorter than two years.

SDLC
Incorporating security into our development process is of paramount importance. Here are some key security practices we have implemented:

- Security Assessments: Wideum conducts regular security assessments to identify and mitigate vulnerabilities in the software.

- Code Reviews: Wideum’s development team performs thorough code reviews to ensure adherence to security best practices and identify potential vulnerabilities.

- Data Encryption: Wideum employs strong encryption protocols to protect sensitive data both in transit and at rest.

- Access Controls: Access to sensitive systems and data is restricted to authorized personnel only, following the principle of least privilege.

- Compliance with Industry Standards: Wideum adheres to relevant industry standards and best practices for security, such as OWASP for web applications.

- Incident Response Plan: Wideum has a well-defined incident response plan in place to address any security breaches or incidents promptly and effectively.

Environments
Test, Preproduction, Production

Deployments
Wideum performs approximately 12 deployments per year of each of the applications.
