Q

Basics of application security

What primary activities should enterprises implement to ensure the security of their applications? SearchAppSecurity site expert Jeremiah Grossman offers some advice.

What primary activities should enterprises implement to ensure the security of their applications?
All enterprises should be 1) offering employees best practices training, 2) establishing security throughout the software development life cycle (SDLC), and 3) establishing a policy of defense-in-depth.

Employee Training: A well-educated staff is vital to the success of any security program as humans are most often the weakest link. Training your staff returns greatly because education fosters a culture of security self-regulation. The results will be fewer bugs, fewer design flaws, and fewer simple mistakes often causing financial loss.

Security in the SDLC: The fast-paced world of online business requires organizations to constantly develop new Web-based promotions, products and services for attracting customers. This creates a high-pressure environment for new Web application code. Push now or die is the mantra. To maintain control and business flow, it is important to establish a process of secure code throughout the SDLC.

Defense-in-depth: Defense-in-depth is an industry best practice of building in multiple layers of security. Should any layer become breached, there is another layer preventing compromise. Because, let's face it, software has bugs and systems have weaknesses. By adding overlapping layers of security (input validation, database layer abstraction, server configuration, proxies, Web application firewalls, encryption, OS hardening, etc.), combined with frequent testing, the risks associated with security lapses are significantly diminished.

This was first published in January 2006

Dig deeper on Building security into the SDLC (Software development life cycle)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close