Robust Security Practices at James Anthony Consulting
James Anthony Consulting (JAC) is deeply committed to integrating security best practices into every aspect of our software engineering process. Our approach is founded on the principle of "Teach and Learn," ensuring that all team members are not only equipped with the latest security tools and methodologies but also understand their importance in the broader context of secure coding.
Emphasising Source Code Analysis
At JAC, source code analysis is a mandatory step in our development process. For each language we work with, specific tools are employed. For example:
C#: Tools listed on GuardRails' Awesome DotNet Security.
PHP: Resources from GuardRails' Awesome PHP Security.
Java: Static code analysis tools like those found on DZone.
Python: Tools such as those from Facebook Engineering and Pyre-Check (Pyre-Check.org).
Django: Various tools sourced from Awesome Django Security.
Golang: Tools like gosec (securego/gosec).
Multipurpose: SonarSource for various languages (SonarSource PHP Knowledge).
Mastery of OWASP Top 10 and Language-specific Security
Our developers are required to be well-versed with the OWASP Top 10 list, a crucial resource for understanding the most significant web application security risks. We also emphasise the importance of using language or stack-specific cheat sheets, like those provided for .NET Core and Laravel, to address unique security challenges in different environments.
Proactive Use of Vulnerability Checkers and Enumerators
To stay ahead of potential threats, we use various vulnerability checkers and enumerators:
WordPress: Tools like WPScan and HackerTarget's WordPress Security Scan.
Magento2: Adobe Commerce's Security Scan Tool.
Laravel: Resources like Larasploit.
Java: Acunetix's Java Vulnerability Scanner.
Server and Application Hardening
Team members are encouraged to familiarise themselves with hardening guides for the technologies they use:
Windows Server: Resources such as Microsoft's Windows Server Hardening Guide.
IIS: Guidelines like IIS Server Hardening.
.NET Core: Security practices outlined on Microsoft's ASP.NET Core Security.
Continuous Security Training and Awareness
All staff at JAC are enrolled in a security education, training, and awareness program, receiving regular updates to ensure that they are informed about the latest security trends and practices.
Incident Response and Security Monitoring
We emphasise the importance of incident response protocols and active monitoring of security systems. Tools like Nmap for network scanning, and services like Cloudflare and Azure Front Door for Web Application Firewalls (WAFs), are integral to our security infrastructure.
Conclusion
At James Anthony Consulting, our dedication to secure coding practices is a core part of our identity. By integrating advanced tools, staying informed about potential vulnerabilities, and continuously educating our team, we aim to maintain the highest standards of software security. Our practices, shared openly, serve as a guide for others in the field seeking to enhance their secure coding initiatives.