Ask the Expert

Basics of application security

What primary activities should enterprises implement to ensure the security of their applications?


All enterprises should be 1) offering employees best practices training, 2) establishing security throughout the software development life cycle (SDLC), and 3) establishing a policy of defense-in-depth.

Employee Training: A well-educated staff is vital to the success of any security program, because humans are most often the weakest link. Training your staff pays off because education fosters a culture of security self-regulation. The results are fewer bugs, fewer design flaws, and fewer of the simple mistakes that often cause financial loss.

Security in the SDLC: The fast-paced world of online business requires organizations to constantly develop new Web-based promotions, products and services to attract customers. This creates a high-pressure environment for producing new Web application code; "push now or die" is the mantra. To maintain control and business flow, it is important to establish secure coding practices at every stage of the SDLC, from requirements and design through implementation, testing and deployment.

Defense-in-depth: Defense-in-depth is the industry best practice of building in multiple layers of security so that, should any one layer be breached, another layer still prevents compromise. Let's face it: software has bugs and systems have weaknesses. By adding overlapping layers of security (input validation, database layer abstraction, server configuration, proxies, Web application firewalls, encryption, OS hardening, etc.), combined with frequent testing, the risk associated with any single security lapse is significantly diminished.
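As an added illustration of two of the layers named above (input validation and database layer abstraction), and not code from the original answer, the following Python example validates a username against an allowlist and then queries a small constructed SQLite table through a parameterised query. The `skip_validation` flag is a hypothetical switch used only to simulate the first layer being missing or bypassed, so that the second layer can be shown holding on its own.

```python
import re
import sqlite3
from typing import Optional, Tuple

# Layer 1: allowlist input validation. Usernames may contain only letters,
# digits and underscores, and must be 1 to 32 characters long.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(value: str) -> bool:
    """Return True only if the whole string matches the allowlist pattern."""
    return USERNAME_RE.fullmatch(value) is not None


def build_demo_db() -> sqlite3.Connection:
    """Create an in-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_role(conn: sqlite3.Connection, username: str) -> Optional[str]:
    """Layer 2: database access through a parameterised query.

    The driver binds `username` as a value, so the database engine never
    interprets its contents as SQL text regardless of what it contains.
    """
    row = conn.execute(
        "SELECT role FROM users WHERE name = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def handle_request(
    conn: sqlite3.Connection, username: str, skip_validation: bool = False
) -> Tuple[str, Optional[str]]:
    """Run both layers and return (status, role).

    `skip_validation` is a hypothetical switch that simulates the first
    layer being absent, so the second layer's behaviour can be observed.
    """
    if not skip_validation and not is_valid_username(username):
        return ("rejected", None)
    return ("ok", lookup_role(conn, username))


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed malformed input: a quote and a SQL comment marker.
    malformed = "bob' OR 1=1 --"
    print(handle_request(db, "alice"))                          # layer 1 passes, row found
    print(handle_request(db, malformed))                        # stopped at layer 1
    print(handle_request(db, malformed, skip_validation=True))  # layer 2 still returns no row
```

With validation in place the malformed string never reaches the database; with validation simulated as absent, the parameterised query simply looks for a user literally named `bob' OR 1=1 --` and finds nothing. Neither layer has to be perfect for the combination to hold, which is the point of defense-in-depth.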

This was first published in January 2006
