Ideally, for any application, security is a process that is incorporated throughout the application's development life cycle. Security checks throughout the life cycle should include:
- A risk profile to determine the risk of an application to the organization.
- Defining specific security requirements to use throughout the project.
- A security design review
- A security code review
- A proper security test plan
- A penetration test.
By implementing these security measures, you will produce a much more secure application in the long run, at a much lower cost than trying to add security onto an application at the end.More information:
This was first published in September 2006