
Basics of application security

What primary activities should enterprises implement to ensure the security of their applications? SearchAppSecurity site expert Jeremiah Grossman offers some advice.

What primary activities should enterprises implement to ensure the security of their applications?
All enterprises should be 1) offering employees best practices training, 2) establishing security throughout the software development life cycle (SDLC), and 3) establishing a policy of defense-in-depth.

Employee Training: A well-educated staff is vital to the success of any security program, as humans are most often the weakest link. Training your staff pays off greatly because education fosters a culture of security self-regulation. The results will be fewer bugs, fewer design flaws, and fewer of the simple mistakes that often cause financial loss.

Security in the SDLC: The fast-paced world of online business requires organizations to constantly develop new Web-based promotions, products and services to attract customers. This creates a high-pressure environment for new Web application code; "push now or die" is the mantra. To maintain control and business flow, it is important to establish a secure coding process throughout the SDLC.

Defense-in-depth: Defense-in-depth is an industry best practice of building in multiple layers of security. Should any layer become breached, there is another layer preventing compromise. Because, let's face it, software has bugs and systems have weaknesses. By adding overlapping layers of security (input validation, database layer abstraction, server configuration, proxies, Web application firewalls, encryption, OS hardening, etc.), combined with frequent testing, the risks associated with security lapses are significantly diminished.
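As an added illustration of two of the overlapping layers named above (input validation and database layer abstraction), the following example is not part of the original answer. It assumes a constructed in-memory SQLite table of users and shows that a hostile input is stopped at the validation layer, and that even if that layer were bypassed, the parameterized query layer still treats the input as plain data rather than as SQL.

```python
import re
import sqlite3

# Constructed sample data (assumption: a simple users table, not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn

# Layer 1: strict allow-list validation at the application boundary.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")

def validate_username(value):
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value

# Layer 2: data-access abstraction that only ever binds parameters,
# so the driver never interprets user input as part of the SQL text.
def lookup_email(conn, username):
    row = conn.execute(
        "SELECT email FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

def lookup_with_both_layers(conn, raw):
    """Normal path: validate first, then query through the abstraction."""
    return lookup_email(conn, validate_username(raw))

def layers_report(raw):
    """Return (validation_passed, result_if_layer_1_were_bypassed).

    The second element deliberately skips validation to show that the
    parameterized query alone still does not let the input change the
    query's meaning: a non-matching string simply yields no row.
    """
    conn = make_db()
    try:
        validate_username(raw)
        passed = True
    except ValueError:
        passed = False
    return passed, lookup_email(conn, raw)
```

Run `layers_report("' OR '1'='1")` to see that the string fails validation and, queried directly, matches no user; a single failed layer does not become a compromise.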
