Web Application Security
Snow License Manager and other Snow applications are developed according to the Snow Secure Development Lifecycle. It is based on the industry-standard Microsoft SDLC, and aligns security-related activities in accordance with industry best practices that are integrated through all stages of software production: application design, development, testing, and release. For finding and mitigating risks, Snow follows the OWASP security guide, which includes protection against SQL injection, Cross-Site Scripting (XSS), Remote Code Execution (RCE), Cross-site Request Forgery (CSRF) and other types of attacks and malicious actions. Security is the integral part of Continuous Delivery practices at Snow; the Snow applications are analyzed and tested daily by use of the leading Static Application Security Analysis (SAST), Dynamic Application Security Analysis (DAST) and Open-source composition analysis (OCA) tools.