Architecture

We employ a multi-tier application design to ensure application security and robustness. All components are distributed across multiple instances deployed within private networks to prevent communication with the outside world except via our load balancer with a single open port (443 HTTPS).

Coding Practices

We have documented development and QA processes to ensure the code quality of our application. Bugs are fixed before new work commences and new features are developed to well-defined specs. We follow industry standard guidelines such as OWASP and all code is subject to peer code review before being released for QA.

We score 10 out of 12 on the Joel test, missing only point 11.

Version Control

All code, including infrastructure automation, is stored in secure source control repositories.

Automated Testing

A complete suite of unit and end-to-end tests is maintained for all application components. These tests are run automatically when new code is pushed to the source control repository and all developers are notified of failing tests.

Quality Assurance Testing

All new features and code are subject to extensive testing on a staging environment prior to production deployment. New features are also regularly demoed internally during development, meaning that new code has been rigorously tested multiple times before release.