
How do you ensure application security?

Security is built into every phase of our development process, not added as an afterthought. Advisory Apps follows OWASP guidelines, enforces encryption standards, and conducts security testing before any application goes live.

Security Standards We Follow

  • OWASP Top 10: Every application is reviewed against the OWASP Top 10 vulnerability categories, including injection attacks, broken authentication, cross-site scripting (XSS), and security misconfigurations.
  • PDPA compliance: For Malaysian projects, we implement data handling practices that comply with the Personal Data Protection Act 2010. Our MedicalMet platform serving 300+ clinics is fully PDPA compliant for patient health records.
  • SSL/TLS encryption: All data in transit is encrypted. We enforce HTTPS across every environment.
  • Encryption at rest: Sensitive data stored in databases and file systems is encrypted using AES-256 or equivalent standards.

Security Testing

Before launch, we conduct security testing, including penetration testing to identify vulnerabilities that automated scans might miss. This includes:

  • Automated vulnerability scanning: Static application security testing (SAST) and dependency audits run in our CI/CD pipeline.
  • Manual penetration testing: Targeted testing of authentication flows, API endpoints, payment processing, and data access controls.
  • Code reviews: Peer reviews with a security checklist for every pull request before merging.

Access Control & Authentication

We implement role-based access control (RBAC), multi-factor authentication (MFA), and session management following security best practices. API endpoints are protected with OAuth 2.0 or JWT-based authentication with proper token expiration and refresh mechanisms.

Ongoing Security

Post-launch, we monitor for vulnerabilities through dependency updates, security patches, and periodic reviews. Our maintenance packages include regular security updates. Contact us to discuss security requirements for your project.
