Examples of the Best Answers


I don’t have an example where I was involved in an organization-wide change, as I work in a small part of a large organization. However, I do have an example where I made changes across development teams. The [XYZ] self-service web app takes credit/debit cards as payment methods to purchase phones and accessories and to pay for ad hoc or recurring services. [XYZ] was required to be PCI compliant, so every 6 months a penetration test would be done by an external auditor to check for vulnerabilities. [XYZ] needed to be PCI compliant or else face fines or risk the business. The first time the test was run, a number of vulnerabilities were found. We worked on fixing these in subsequent releases. Knowing the exposure from such vulnerabilities, and that fixing them was required for compliance as well, I set up a practice to take care of this. I reviewed all the vulnerabilities, like cross-site request forgery, cross-site scripting attacks, etc., and followed the OWASP security guidelines. I documented all such issues, coding pitfalls and secure coding practices like code sanitization and SQL statements, and set up a team-wide change to follow the secure coding guidelines to avoid such issues. Further, the dev team was instructed to do a code review before every release to make sure the secure coding guidelines were followed, and the offshore team would certify in writing that they had addressed all vulnerabilities before every release. This process worked like a charm: when the scan was done on the next release, no high or medium issues were reported and the scan passed successfully.
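The coding pitfalls the answer lists (SQL statements built from user input, missing output sanitization, cross-site request forgery) shown as a vulnerable snippet beside its hardened form. This is an added example, not code from the original answer or from the [XYZ] application; the in-memory table, its rows, the function names and the injection payloads are all constructed for illustration.

```python
"""Vulnerable-vs-hardened snippets for three common OWASP findings:
SQL injection, reflected cross-site scripting and missing CSRF checks.
Hypothetical code; the SQLite table and its rows are constructed sample data."""
import hmac
import html
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: orders for two customers in one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)"
    )
    conn.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [("alice", "phone"), ("alice", "case"), ("bob", "charger")],
    )
    return conn


# --- SQL statements -------------------------------------------------------

def orders_vulnerable(conn: sqlite3.Connection, customer: str) -> list:
    # Pitfall: the caller-controlled value is spliced into the SQL text, so a
    # payload such as  bob' OR '1'='1  rewrites the WHERE clause.
    sql = f"SELECT item FROM orders WHERE customer = '{customer}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def orders_safe(conn: sqlite3.Connection, customer: str) -> list:
    # Fix: a bound parameter is sent as data and is never parsed as SQL.
    sql = "SELECT item FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (customer,))]


# --- Output sanitization (cross-site scripting) ---------------------------

def render_vulnerable(display_name: str) -> str:
    # Pitfall: raw user input lands inside the HTML response.
    return f"<p>Welcome, {display_name}</p>"


def render_safe(display_name: str) -> str:
    # Fix: HTML-encode at the point of output; <, >, &, " and ' become entities.
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


# --- Cross-site request forgery -------------------------------------------

def issue_csrf_token() -> str:
    # A per-session, unguessable token the server embeds in each form.
    return secrets.token_urlsafe(32)


def csrf_check_vulnerable(session_token: str, submitted) -> bool:
    # Pitfall: the POST is accepted regardless of any token.
    return True


def csrf_check_safe(session_token: str, submitted) -> bool:
    # Fix: require the token and compare in constant time (bytes, so a
    # non-ASCII value cannot make compare_digest raise).
    if not isinstance(submitted, str):
        return False
    return hmac.compare_digest(session_token.encode(), submitted.encode())


if __name__ == "__main__":
    conn = make_db()
    payload = "bob' OR '1'='1"
    print("vulnerable:", orders_vulnerable(conn, payload))  # every row leaks
    print("safe:      ", orders_safe(conn, payload))        # no such customer
    print(render_safe("<script>alert(1)</script>"))
```

Running the block shows the parameterized query returning nothing for the injection payload while the concatenated one returns every customer's rows, which is the kind of finding a PCI penetration test would flag as high severity.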