Validating your solution before shipping
As we have progressed in our journey to secure our solution as much as possible, there are still some critical activities that must be completed before you can confidently ship your solution. These should be considered non-negotiable. Ignore them at your peril.
First is compliance integrations and testing, where you’ll confirm that your appliance meets or exceeds any government or industry standards that may be applicable within the domain it will be used. I feel this is such a crucial subject, that the entire next chapter is dedicated to it entirely.
Secondly, penetration testing (aka pen-testing) by a third party can give you peace of mind and detailed insights as to anything you may have overlooked. In this scenario, a professional ethical hacker (contractor) would leverage all the tools of the trade in an attempt to gain unauthorized access or degrade the usability of the appliance. Passing this type of testing will be a testament...
