We strive to follow the SDL for Agile Development where applicable in our software lifecycle. Code modifications to security-related modules (database access and filtering, authentication, authorization, etc.) are marked for Security Review by another Team Member with the necessary training and seniority.
We use filtering and escaping libraries to validate input and mitigate XSS and injection attacks. Furthermore, large parts of our authentication and cryptography rely on proven technologies like Azure AD, Azure AD B2C and Azure Key Vault.