mgm Atlassian App Vulnerability Management

With the support of our mgm security partners, who provide the entire spectrum of web application security services, this is our approach to handling security vulnerabilities in our apps.

Vulnerability identification

At mgm, we use various methods to identify vulnerabilities across our apps and to avoid vulnerability issues during development. Our main focuses are:

  • Regular Vulnerability Checks: We regularly cooperate with our security partners to pentest all of our apps, which identifies any vulnerabilities in the apps as well as possible attacks from outside.

  • Regular Security Training for Developers: We want to improve our application quality and avoid vulnerability issues as early as possible, right in the development phase, so our developers are encouraged to learn about and maintain a good awareness of app security.

We continue to work on our vulnerability detection process and to look for new tools that we think might help.

We also use some additional identification methods:

Customer & user reports – Users of our products can report any bugs they encounter at any time via mgm app support. We will then work with them to collect all necessary details so the vulnerability can be flagged internally and fixed.

Tracking and resolving vulnerabilities

To maximize the efficiency and effectiveness of our vulnerability management program, we use our internal ticketing systems, which can be found here.

Once a fix for a vulnerability is developed, it is tested carefully. The fix is then rolled into a new release and deployed along with other fixes on a regular basis, in accordance with our standard release process.

Preventing vulnerabilities during the development process

Open source dependencies

While it's important to find and fix vulnerabilities in our own code, our products and services also rely on numerous open-source libraries. It is therefore equally critical that we are aware of what libraries we're using and that they're up to date with the latest security bug fixes.

We also double-check any open-source library before we actually apply it to our products. If any vulnerability issues are found, we will either find an alternative version/library or create a ticket in the library’s issue management system.

Code review also covers the security aspects

As all of our developers have a good awareness of app security, we also perform security checks while reviewing code. These checks can cover basic, easy-to-detect issues such as XSRF, XSS, SQL injection, sensitive data exposure, …

Summary

mgm technology partners has a multi-faceted approach to vulnerability management across our products. We want to ensure that we identify and resolve vulnerabilities that arise as quickly as possible, and minimize their frequency in the first place.