Purpose
Foster continuous improvement within sophilabs by promoting a self-evaluating culture that welcomes and adapts to change. To do so, the Squad operates through basic quality tools (such as customized checklists) that allow each project a thorough process-alignment analysis against best practices for specific knowledge domains such as Security, Software Design, Methodologies, etc.
Checklists are built on top of a simplified "Objectives & Key Results" approach, where expected results align with best practices and are validated by specific questions. As a result, deviations become visible, and suggested action plans can be assessed and implemented.
E.g.: "Does every team (and team member) subscribe to Agile management practices? - Assistance can be requested from the Agile Master to assess the team's knowledge gaps and implement Agile awareness workshops."
Kick-off
Do you have a project Manifesto or README?
Include a file in your project that helps newcomers start working without inconvenience. Take a look at the Kick Off section for a sample.
Security Checklist
Server Configuration
- Are you actively applying security patches?
  - Applying security patches to your applications is important to reduce vulnerabilities. If you want to know more about security patches, take a look at the Patches section.
- Do you have SSH configured with a password and without root login?
  - Configuring SSH properly on your servers is important to reduce vulnerabilities. You can check how to do this in the SSH section.
- Are you only using version 2 of the SSH protocol?
  - Using the latest version of the SSH protocol is safer. For more information, check the SSH section.
- Are you using HTTPS everywhere?
  - Using the HTTPS protocol is important to build safe web apps. If you don't know how to configure it, take a look at the HTTPS Guidelines.
- Are you using HSTS?
  - HSTS helps your site enforce SSL/TLS for your users, which prevents protocol downgrade attacks and cookie hijacking. If you don't know how to configure it, take a look at the HSTS Guidelines.
- Are you whitelisting database connections?
  - Whitelisting database connections is important to protect your data. You can learn how to do this by reading the Security Database section.
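As an added example (not sophilabs' code and not part of the checklist itself), the Python script below turns the SSH and HSTS items above into automated checks: it parses an sshd_config text and flags anything other than SSH-2 only, root login disabled and empty passwords refused, and it inspects an HTTPS response's Strict-Transport-Security header. The sample configurations and headers are constructed; the one-year max-age bar and the includeSubDomains requirement are assumptions of this example, since the checklist names no values.

```python
"""Audit helpers for two Server Configuration checklist items (added example).

Assumptions: a one-year HSTS max-age and includeSubDomains are the bar used
here; the checklist itself names no values.
"""
import re

# Constructed sample: the weak settings a review would flag.
WEAK_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Protocol 2,1
PermitRootLogin yes
PermitEmptyPasswords yes
"""

# Constructed sample after hardening: SSH-2 only, no root login, a password
# is always required (key-based authentication is the usual next step).
HARDENED_SSHD_CONFIG = """\
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
PubkeyAuthentication yes
"""


def parse_sshd_config(text):
    """Return {keyword.lower(): value} for the global settings in sshd_config.

    sshd honours the first occurrence of a keyword, so later duplicates are
    ignored. Match blocks are out of scope for this example.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the SSH items pass."""
    s = parse_sshd_config(text)
    findings = []
    # "Protocol 2,1" still offers SSH-1; the directive must list only 2.
    protocols = [p.strip() for p in s.get("protocol", "2").split(",")]
    if protocols != ["2"]:
        findings.append("Protocol must be exactly 2 (found %r)" % s.get("protocol"))
    # OpenSSH defaults to prohibit-password; the checklist wants root login off.
    if s.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin should be 'no'")
    # Accounts must always authenticate with a password (or key), never empty.
    if s.get("permitemptypasswords", "no") != "no":
        findings.append("PermitEmptyPasswords should be 'no'")
    return findings


def audit_hsts_header(headers):
    """Check the Strict-Transport-Security header of an HTTPS response.

    headers: dict of header name -> value, matched case-insensitively.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["Strict-Transport-Security header missing"]
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"')
    findings = []
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age directive missing or invalid")
    elif int(max_age) < 31536000:  # assumed bar: one year
        findings.append("max-age shorter than one year (%s)" % max_age)
    if "includesubdomains" not in directives:  # assumed bar
        findings.append("includeSubDomains not set")
    return findings


if __name__ == "__main__":
    print(audit_sshd_config(WEAK_SSHD_CONFIG))
    print(audit_sshd_config(HARDENED_SSHD_CONFIG))
    print(audit_hsts_header({"Strict-Transport-Security": "max-age=300"}))
```

Run it against the real file (`audit_sshd_config(open("/etc/ssh/sshd_config").read())`) and against the headers of a live HTTPS response; a non-empty findings list is the deviation the checklist wants surfaced, and the Protocol check only matters on older OpenSSH builds that still accept a `Protocol` directive listing 1.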
Identity and Access Management (IAM)
- Are you limiting the login attempts in your app?
  - Limiting login attempts in your apps is important. Take a look at the Login section.
- Do you create users with autogenerated passwords instead of predefined ones?
  - Using autogenerated passwords prevents impersonation. Read the Password section to learn more.
- Are users the only ones who know their own passwords at all times?
  - Help users prevent impersonation by providing a robust framework for password creation and management; take a look at the Password section for guidance.
- Do you store passwords with a proper cryptographic hashing algorithm?
  - Storing passwords in a secure way is very important. If you want to learn about secure ways to store your passwords, read the Password section.
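As an added example for the "limiting the login attempts" item (this is not sophilabs' code nor the contents of the Login section), here is a per-account limiter with a sliding failure window and a lockout period, plus a small gate function showing where it sits in a login flow. The policy values (5 attempts in 15 minutes, 15-minute lockout) and the `clock` parameter are assumptions of this example; the checklist names no numbers.

```python
"""Per-account login attempt limiter with a lockout window (added example)."""
import time


class LoginAttemptLimiter:
    """Count failed logins per account inside a sliding window and lock the
    account once the limit is reached. The policy values are assumptions of
    this example; the checklist names no numbers."""

    def __init__(self, max_attempts=5, window_seconds=900,
                 lockout_seconds=900, clock=time.time):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock              # injectable so tests can move time
        self._failures = {}             # account -> [failure timestamps]
        self._locked_until = {}         # account -> unix time lockout ends

    def _recent_failures(self, account, now):
        return [t for t in self._failures.get(account, []) if now - t < self.window]

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: clear the state and allow a fresh attempt.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record_failure(self, account):
        """Record one failed attempt; return True when it triggers a lockout."""
        now = self.clock()
        recent = self._recent_failures(account, now)
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_attempts:
            self._locked_until[account] = now + self.lockout
            return True
        return False

    def record_success(self, account):
        """A successful login clears the failure history for the account."""
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)

    def remaining_attempts(self, account):
        return max(0, self.max_attempts - len(self._recent_failures(account, self.clock())))


def attempt_login(limiter, account, password_ok):
    """Gate a login through the limiter.

    password_ok is the result of the real credential check. Returns "locked",
    "ok" or "denied". A locked account is refused even with the right
    password, so continuing to guess during the lockout gains nothing.
    """
    if limiter.is_locked(account):
        return "locked"
    if password_ok:
        limiter.record_success(account)
        return "ok"
    if limiter.record_failure(account):
        return "locked"   # this failure triggered the lockout: log it
    return "denied"
```

Keep the user-facing message identical for "denied" and "locked" and use the distinction only for logging and alerting; the same limiter can be instantiated a second time keyed by source address to catch attempts spread across many accounts.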
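As an added example for the password items above (autogenerated initial passwords, passwords known only to the user, and storage with a proper cryptographic hashing algorithm), the Python below generates an initial password with a CSPRNG, stores only a salted scrypt hash in a self-describing record, and verifies in constant time. This is not sophilabs' code or the contents of the Password section; the scrypt work factors, the 16-character length and the `create_user_record` helper are assumptions of this example.

```python
"""Initial-password generation and scrypt password storage (added example)."""
import hashlib
import hmac
import os
import secrets
import string

PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

# scrypt work factors used by this example (assumed values; tune to your hosts).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def generate_password(length=16):
    """Generate a random initial password with the secrets module (a CSPRNG),
    so every new account starts with a unique value nobody had to choose."""
    if length < 12:
        raise ValueError("initial passwords should be at least 12 characters")
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def hash_password(password, salt=None):
    """Return a self-describing record 'scrypt$N$r$p$salt_hex$hash_hex'.

    A fresh 16-byte salt per password means identical passwords hash
    differently, and the parameters travel with the record so they can be
    raised later without breaking verification of existing entries.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return "scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P,
                                      salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash with the record's own parameters and compare in
    constant time; the stored record never reveals the password itself."""
    algo, n, r, p, salt_hex, hash_hex = record.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported hash record: %s" % algo)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(hash_hex) // 2)
    return hmac.compare_digest(digest.hex(), hash_hex)


def create_user_record(username):
    """Onboard a user (hypothetical helper): generate the initial password,
    persist only its hash, and return the password once so it can be handed
    to the user out of band and changed at first login."""
    initial = generate_password()
    return {"username": username, "password_hash": hash_password(initial)}, initial
```

The plaintext returned by `create_user_record` should be delivered to the user and then discarded; the application keeps only the hash record, which is what "users are the only ones who know their own passwords" requires in practice.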