Tinkering with product security

Welcome to my latest series on product security, where I shall share some of my personal experiences in product security, the challenges I navigated, and approximate solutions for a wider audience.
Before we deep-dive into anything technical, it is essential to understand the non-technical aspects as well.
Build bridges with feedback channels
Product security sits at the junction of product and security; it is an amalgamation of both, and one in which continuous delivery is in a constant state of tension with security. It is essential to have a proper communication channel between the security team and the product team, so that ideas flow in both directions and each team understands what the other is working on and how they can help each other.
Start with basics, don’t overwhelm your product team
All this may seem quite fancy to watch on a full-blown IMAX screen with all those 3D effects and 8D digital Dolby audio, but trust me, you don't want to see developers and DevOps engineers crying over a terminal trying to restore their applications because you pushed to get a security bug fixed.
Start the journey by building a strong foundation; lay your bricks wisely.
Understanding Product
- First and foremost, understand the product.
- Break the product down into sub-components, each with its own user flows and data flows. This enables you as a security engineer to understand the different flows; sometimes a single user flow triggers multiple data flows (a "log in" user flow, for instance, may touch the identity provider, the session store and the audit log).
Understanding Product Managers
When trying to build a product security pipeline, security engineers often overload the system by integrating lots and lots of security tooling, hoping that something will click someday, while overlooking a crucial component: product managers.
I have had the chance to work with product managers from a diverse range of backgrounds (technical and non-technical), with varied industries and years of experience, including experience in building scalable products that serve millions of users and resources.
It is crucial to understand how product managers function. Learn from them how they build the product, how new features are adopted, added and streamlined, and why and how some features are removed and replaced by others in the release cycle.
The initial posts in this series will lean towards a generic understanding, to help learners of all levels start from the very fundamentals.
Until then, see you in the next post. Please clap and follow if you liked it.
Recommended reading: Server-side vs client-side vulnerabilities