Skip to content
Planet Argon Planet Argon Engineering Handbook

Device and Application Security Best Practices

1. Introduction

Section titled “1. Introduction”
  • The importance of security in software development
  • High-level overview of the areas of focus

2. Application Security and Vulnerable Code

Section titled “2. Application Security and Vulnerable Code”
  • Understanding what constitutes vulnerable code
    • Injections (SQL, XML, etc.)
    • Cross-Site Scripting (XSS)
    • Insecure Direct Object References
    • Security misconfigurations
  • Security best practices in Ruby on Rails development
    • Code reviews and regular audits
    • Using secure coding principles (least privilege, defense in depth, etc.)
    • Implementing strong access control measures
    • Securely handling user data and sessions
    • Adhering to Rails’ Secure Coding Guide
    • Using security analysis tools (Brakeman, bundler-audit, etc.)

3. Device Security

Section titled “3. Device Security”
  • Keeping devices patched and updated
  • Ensuring disk encryption is enabled
  • Setting up firewalls and antivirus software
  • Safeguarding devices against physical theft

4. Password Security using 1Password

Section titled “4. Password Security using 1Password”
  • Understanding the role of 1Password in safeguarding passwords
  • Setting up and using 1Password
  • Creating strong, unique passwords for each service
  • Securely sharing passwords with team members using 1Password

5. Two Factor Authentication

Section titled “5. Two Factor Authentication”
  • Importance of 2FA in adding an additional security layer
  • Implementing 2FA on all possible platforms
  • Using secure and reliable 2FA methods (authenticator apps, hardware tokens, etc.)
  • Training staff on how to properly use 2FA

6. Standards Regarding Sharing Passwords

Section titled “6. Standards Regarding Sharing Passwords”
  • Never sharing passwords through insecure channels
  • Utilizing tools like 1Password for secure password sharing
  • Implementing a policy for password sharing in emergency situations
  • Regularly updating and changing shared passwords

7. Keeping Rails and Gems Up to Date

Section titled “7. Keeping Rails and Gems Up to Date”
  • The role of patches and updates in security
  • Setting up a regular schedule for checking and implementing updates
  • Understanding the potential risks of not updating
  • Handling deprecated or unsupported gems

8. Incident Response and Reporting

Section titled “8. Incident Response and Reporting”
  • Implementing a procedure for reporting and addressing security incidents
  • Regularly reviewing and updating incident response procedures
  • Training staff on how to respond to security incidents

9. Regular Training and Security Culture

Section titled “9. Regular Training and Security Culture”
  • Importance of regular training in maintaining security
  • Cultivating a security-focused culture within the team
  • Regular updates on new threats, vulnerabilities, and security practices

10. Conclusion

Section titled “10. Conclusion”
  • Recap of security best practices
  • Emphasizing the ongoing nature of security efforts
  • Encouragement to stay vigilant and proactive in maintaining security

resources: https://planetargon.atlassian.net/wiki/spaces/PADEV/pages/2328821761/2023-3-7+Application+Security+at+Planet+Argon