Hi Matthieu, it's great to meet you and talk about your career! To start with, could you describe your current role as a fullstack developer, with a particular interest in cybersecurity?
Hello, and thank you for seeing me. To be concise yet comprehensive, I'm responsible for the design, development and maintenance of web and mobile applications. My job involves coding both server-side (PHP, Python) and client-side (HTML, CSS, TWIG, Tailwind, JavaScript). Perhaps you've heard these words before? If not, they may seem somewhat obscure to you: they are programming languages used to develop software, web applications and other computer systems.
As you said, I have a keen interest in cybersecurity, which means that I integrate security practices right from the start of the development cycle. My main responsibilities include:
- Analysing the functional and technical requirements of projects
- Designing and implementing software architectures
- Carrying out security and performance tests
- Continuous monitoring and vulnerability management
By using these resources correctly, we can ensure the security of the applications developed. What's more, I use a framework (think of it as a prefabricated toolbox for software developers. It contains ready-to-use tools and rules to follow that help build applications in an efficient and organised way, without having to create everything from scratch every time). This makes the development process faster, more structured and more secure.
It's all very technical! But even though I'm new to the subject, I've got a good understanding of what you do. Can you tell me how you manage to balance the functional requirements of an application with its security imperatives?
This is an important point. To do this:
- I start with an in-depth needs analysis to understand the functional requirements of the application.
- I then use frameworks and libraries (a set of reusable functions and classes that simplify and speed up software development) that are recognised for their security.
- I carry out regular code reviews and penetration tests to identify and correct vulnerabilities.
- I set up access controls and permissions management.
- Finally, I ensure that the entire team and customers are aware of the issues through ongoing training in good security practices.
"The main threats often come from people. Even if the IT system is designed correctly, with no known flaws, there is no such thing as 0 risk".
Can you describe a project where you had to take security considerations into account right from the design stage? What technologies and practices did you use to ensure the security of the application?
One of the notable projects where I had to take security into account right from the design stage was the development of the ENGECO platform. Here are the steps and technologies I used:
- Risk analysis: identification of potential threats from the outset.
- Secure architecture: separation of roles and minimisation of attack surfaces.
- Use of HTTPS (secure version of the HTTP protocol used to secure data exchanges on the Internet) for all communications.
- Input validation and sanitisation: to prevent SQL and XSS injections.
- Encryption of sensitive data: use of cryptographic libraries to encrypt data in transit and at rest.