Secure Development behind the scenes.

Security in the SDLC

Software development is an integral and ongoing component of the systems and services of FastTrack Software, the parent company of Admin By Request. Read our secure Software Development Life Cycle (SDLC) Policy below.
Secure development is crucial to ensuring consistency, cost-effectiveness, and resource management in all facets of development, as well as reducing the risk of project failure. In order for services to be delivered and maintained at the highest possible standard, processes, procedures, and guidelines are established and implemented throughout the organization to ensure that standards of quality are being met for all software development at all times. All systems and software development work done at FastTrack Software adheres to industry best practices regarding secure software development, meeting the required controls set out in the ISO 27001 certification standard. Click the link below to access the SDLC Executive Summary.

The Development Process

[Figure: a visual explanation of the development process.]

Overview

Software development at FastTrack Software follows a defined process intended to reduce the risk of project failure through the application of fast, iterative solution delivery, with continual testing throughout.

Methodology

This approach focusses on the benefits of a combination of two software development models, DevOps and Lean, to improve the delivery of both major projects and minor software updates.

Process

The process diagram provides an overview of the end-to-end process for software and feature development at FastTrack Software.

Management

There are three key areas of management in our software development process to ensure suitable coding practices are followed throughout, all processes are carried out effectively, the appropriate tests are conducted, and all changes are analyzed for impact prior to implementation.

The source code is our most valuable asset and must be managed, maintained, and protected with the utmost care and efficiency. Source Code Management (SCM) outlines the system and details for source code control, including who has what access, when commits should be made, and backup types and frequency. It also provides guidelines on each release type (patch and production), specifying the considerations that should be taken into account, and details the required format for release tags, version numbers, and naming conventions.
Change occurs frequently to ensure our product continues to meet end-user needs and stays up to date with the market. Change Management outlines how the various requests for change should be processed (including in emergency situations), how issue tracking works both internally and externally, how our support structure and ticket statuses are defined, how feature requests are handled and implemented, and how change is approved, implemented, reviewed, and reported.
Before a new release goes out to our customers, it must undergo rigorous testing and be signed off by multiple parties. Release Management details the processes involved in releasing updates and new versions, code and production sign-off, and information on release notes: how they should be structured and what they should contain.

Security Maintenance

Security during development is one thing; maintaining security after release is another. Both are just as important to the integrity of the product. This section delineates the practices in place to ensure code is screened for issues and vulnerabilities throughout all phases of the development process.

VirusTotal Monitor

All files in built releases are uploaded and scanned by VirusTotal Monitor, a tool comprising 65+ anti-malware engines. Any flags of individual files are investigated, and software builds are only deployed once all files in the build return clear checks from all engines. Post-release, build files are scanned once per day to ensure Quality Assurance and security maintenance.

API Security Testing

The Admin By Request system integrates four APIs designed as simple REST interfaces, which use HTTPS and support encryption for built-in security. All APIs are reviewed during external penetration testing.

Penetration Testing

After release, penetration tests are conducted both on endpoints and the system backend, including testing of source code and review of APIs to identify any security vulnerabilities. These tests are conducted annually, with a full report including the scope of the test available to customers in the Trust Center.

Vulnerability Scans

Vulnerability scans are conducted regularly using a series of known external scanners to test for security weaknesses in software systems. Results are generated by industry-standard providers Security Scorecard, Intruder, Pentest-Tools, and others. Vulnerability scan reports are generated annually and are available to the public in the Admin By Request Trust Center.

Vulnerability Mitigation

Vulnerabilities create opportunity for exploitation and, while it’s not always feasible to completely eliminate them, we’ve taken steps to ensure mitigation in every facet of software development at FastTrack Software.

Threat Modelling

We use a simple four-step Threat Modelling approach which integrates OWASP guidelines and various security threat perspectives (STRIDE and DREAD).

System Hardening

FastTrack Software works with Microsoft Gold Partner, Automize, to perform hardening on the system’s server and database environment and identify areas that need improvement.

OWASP Compliance

FastTrack Software, the parent company of Admin By Request, is a member of the OWASP Foundation, and all system code has built-in mitigating measures against OWASP Top 10 risks to ensure code security.

Supplier Compliance

FastTrack Software verifies that all software suppliers adhere to industry standards for Systems/Software Development Lifecycle (SDLC) security.

API Security

All APIs are built with tamper detection and email alerting on tampering. During an attack, the attacker is never made aware of whether they have successfully obtained a customer key.

Think Like an Attacker

Throughout various phases of the development process, the “think like an attacker” approach is applied to ensure the potential for successful cyber-attack is reduced to the lowest possible rate.

Business Continuity & Disaster Recovery

Business Continuity planning is integral to FastTrack Software’s approach to mitigating and managing risk and responding to incidents, and an on-going responsibility of the organization to its employees and customers. Learn more about our BC/DR policies and processes.