Avoiding Security Risks for Developers

Software developers are not only responsible for writing code and for building and testing applications. They must also be responsible for avoiding security risks to the project and to the company as a whole. With the growing use of the internet, applications, tools, and technology, security risks have skyrocketed. It is a major challenge for any software developer to avoid the common threats that have dominated the software development industry for so long.

Avoiding security risks must be a part of the development strategy. I have seen a lot of companies first build the software and only later, once it is ready for UAT, try to find vulnerabilities and threats by hiring part-time pen testers and security engineers. At that point the developers cannot keep up with fixing bugs, adding features, and doing R&D to fix security bugs. That creates havoc and is a pain for the organization. Hence, it should be part of the day-to-day development life cycle; for example, it can be a part of the CI/CD pipeline.

There are many things that a software developer can do from their end to avoid security risks. A few of them are:

Keep Up With Dependencies

Manage Secrets

  • Posting a Stack Overflow question whose code, included to resolve an immediate bug, contains credentials
  • Committing and pushing official projects containing credentials, keys, or tokens to a public GitHub/GitLab repository
  • Posting anything online that contains sensitive information

Each of these must be avoided to keep secrets secret and avert the apocalypse.
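The second point above, credentials committed to a repository, is one that can be caught before the push if a secret scan runs as a pre-commit hook or CI step. The following is an added example, not code from the original article: a small pattern-based scanner with an entropy check, run over a constructed sample config (the `SAMPLE` text, the pattern names and the `min_entropy` threshold are all assumptions; the AWS key is the documented placeholder, not a real credential).

```python
import math
import re
import sys

# Credential formats that should never reach a commit. The AWS and GitHub prefixes
# are public formats; the last pattern catches secret-like variables given literals.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking secrets score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())

def scan_text(text: str, min_entropy: float = 3.0) -> list[tuple[int, str]]:
    """Return (line_number, finding_name) for every suspected secret in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            # For generic assignments, only flag random-looking values so that
            # placeholders such as password = "changeme" do not block commits.
            if name == "hardcoded_secret" and shannon_entropy(match.group(1)) < min_entropy:
                continue
            findings.append((lineno, name))
    return findings

# Constructed sample of a config file about to be committed (not real credentials).
SAMPLE = """\
db_host = "db.internal"
password = "changeme"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
api_key = "x9Qe7bLm2ZpR4vTn8sWk"
"""

if __name__ == "__main__":
    hits = scan_text(SAMPLE)
    for lineno, name in hits:
        print(f"line {lineno}: possible {name}")
    sys.exit(1 if hits else 0)  # non-zero exit blocks the commit in a hook
```

A real hook would feed the staged diff (`git diff --cached`) into `scan_text` instead of the embedded sample.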

Avoid Sharing Accounts

Create accounts individually or, where that is not possible, per team. This minimizes the risk: an account shared by 50 developers, if compromised, has a far greater impact than one shared by 4–5 developers. The more users an account has, the more exposed it is and the harder its credentials are to keep secret.

Manage Permissions

Remember the database outage at GitLab? One GitLab engineer mistakenly deleted the primary production database instead of the secondary, which resulted in the loss of 5000 projects, 5000 comments, and 700 new user accounts. One small mistake can cost a reputation and a million dollars. If it can happen to a company as big as GitLab, can it not happen to you?

Avoid Risky Behaviour

  • Setting unrealistic deadlines
  • Working through fatigue
  • Taking shortcuts and cutting corners
  • Rushing through tasks to meet deadlines and ignoring crucial aspects of development

A short break, or even a little procrastination, can sometimes be a good way to avoid these risks.

Thanks a lot for reading this article. If you have anything in mind, then please feel free to comment or reach out to me.

Software Developer | Learner