What's the Adyen way of development and engineering?
The Adyen way of engineering
At Adyen, security is not an afterthought, we embed it throughout every phase of our product lifecycle. This approach allows us to catch flaws in very early stages, which substantially reduces risk, workload and the need for excessive security engineering activities. As such, we include security requirements and threat modeling activities in every phase of engineering platform components, from initial design to launch, operational support and potential sunset.
During the build phase, our engineers work in line with secure engineering best practices, assisted by automated tooling to prevent vulnerabilities. Design and build validation happen throughout the product lifecycle by means of security assessments, executed by internal and external pentesters.
Secure development lifecycle
All changes to our codebase or infrastructure are reviewed and verified by at least one additional trusted engineer and enforced by dual control processes in version management systems. Platform changes are recorded centrally, ensuring visibility and auditability. Releases are automatically tested for functional and security requirements in a continuous integration pipeline, and deployed in a staged manner making use of multiple environments to ensure proper segregation.
Was this article helpful?
The integration security guide
Follow best practices to reduce security risks.View integration security guide