Application security initiatives typically start with efforts to identify which activities make sense for a particular company's culture and development process. Generally, assessments of key applications and developer training are good places to gather the necessary data. Based on this data and analysis of the organizational root causes of issues identified, targeted improvements can be made. The first targeted improvement might focus on process improvements such as integrating security requirements, threat modeling and security testing. Or it might target supporting technology, such as vulnerability analysis tools, development environment additions, or security issue management tools. In some organizations, the right first step is organizational, establishing an application security team to support a large number of projects.