#product-security

Build security into product development lifecycle (secure SDLC). Security requirements: 1. Authentication: multi-factor authentication, password policies. 2. Authorization: role-based access control, principle of least privilege. 3. Data protection: encryption at rest/transit, tokenization of sensitive data. 4. Input validation: prevent injection attacks, sanitize user inputs. 5. Session management: secure cookies, session timeouts. Development practices: 1. Threat modeling: identify potential attack vectors early. 2. Secure coding standards: OWASP guidelines, code reviews. 3. Dependency scanning: monitor third-party libraries for vulnerabilities. 4. Penetration testing: regular security assessments. 5. Security training: developer education on common vulnerabilities. Monitoring and response: 1. Security information and event management (SIEM). 2. Intrusion detection systems. 3. Incident response plan: defined procedures for breaches. 4. Regular security audits and compliance checks. Tools: Snyk for dependency scanning, Veracode for static analysis, bug bounty programs for ongoing testing.