Introduction

Application vulnerabilities account for the largest portion of attack vectors besides malware. It is crucial that any application is assessed for vulnerabilities and any vulnerabilities are remediated prior to production deployment.

For the purposes on this Policy, under “Alpha Serve” are meant Alpha Serve and all its subsidiaries in all the locations.

In case any kind of security incidents must be immediately communicated to all related parties.

1 Policy Statement
2 Purpose of the Policy
3 Scope of the Policy

Policy Statement

To keep risk to an acceptable level, Alpha Serve shall ensure that the proper security controls will be implemented for each application. Application developers, QA specialists, DevOps specialists, support engineers, and project managers are expected to use their professional judgment in managing risks to the information, systems and applications they develop, test, use and support. All security controls should be proportional to the confidentiality, integrity, and availability requirements of the data processed by the system.

Purpose of the Policy

The purpose of this Policy is to ensure that all Alpha Serve’s applications are designed, tested, and released in as secure a manner as possible using defined application development principles and procedures.

The purpose of this Policy is to define application security assessments within Alpha Serve. Application assessments are performed to identify potential or realised weaknesses as a result of inadvertent misconfiguration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of Alpha Serve products and services, as well as satisfy compliance with any relevant policies in place.

All the processes and activities described in this Policy are targeted to prevent Alpha Serve’s applications and, where possible, their users from external threats that arrive from several paths to do harm to business or organisation.

Scope of the Policy

This Application Security Policy applies to all applications developed, released and published by Alpha Serve and under Alpha Serve name.

This policy covers all application security assessments for the purposes of maintaining the security posture, compliance, risk management, and change control of technologies in use at Alpha Serve.

All application security assessments will be performed by the personnel either employed or contracted by Alpha Serve. All findings are considered confidential and are to be distributed to persons on a “need to know” basis. Distribution of any findings outside of Alpha Serve is strictly prohibited unless approved in written by the Chief Executive Officer.

This policy must be adhered to all Alpha Serve employees and temporary workers at all locations and by contractors working with Alpha Serve as subcontractors.