2CLIX knows that your security and privacy are important and cares deeply about them.
TEST AND DEVELOPMENT ENVIRONMENTS
The Staging (Homologation) and Development environments are separated from both the production server and the production database, and run as individual instances.
These environments contain fully anonymized data, used by the development and quality teams to perform their continuous improvement activities for the Quality Portal.
The databases in these environments are updated weekly; test users and test data are removed and refreshed with a new set of anonymized data.
The feature update cycle is directly tied to continuous integration with the source code versioning tool, meaning that whenever developers complete a task it is automatically deployed to the testing environment.
Features and updates performed in these environments do not impact production; production updates are only carried out once the staging environment has been approved for release.
SECURITY TESTING
Security tests are performed using automated scanners, both static (SAST) on the source code and dynamic (DAST) on the web application. The final results are reviewed and used as a basis for manual security checks, such as Code Review and Penetration Testing.
Combining these two processes helps reduce false positives and false negatives and supports the ongoing security of system features.
These processes take place in the staging environment before any release that includes significant improvements or new features, or at least every 3 months. At the end of the process, a report is produced and prioritized tasks are created to remediate all vulnerabilities found.
SYSTEM ACCEPTANCE TESTING
System Acceptance Tests aim to verify all system features, as well as their behavior under incorrect or improper use.
These tests are carried out in the staging environment before every release. Errors found during these tests are sent to the Development team, and the environment is only approved for release once all high- and medium-impact issues have been fixed. At the end of these tests, a document is generated showing the system’s level of compliance and the severity of the impact of any issues found. Based on this document, the Quality team provides feedback on whether the staging environment is accepted.
A release is only started once the Quality team has approved the environment for deployment.
