Effective Controls for Attaining Continuous Application Security Throughout the Web Application Development Life Cycle
- Learn How to Improve Web Application Security Throughout the SDLC
- Secure Web Application Development: People, Process, and Technology
- Essential Elements of Secure Software Development Life Cycle Processes
- How Technology Helps Enforce and Maintain the Secure SDLC
- Put Baselines in Place (But Keep it Simple in the Early Days)
Learn How to Improve Web Application Security Throughout the SDLC
Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that they have in place.
While individual and ad hoc Web application security assessments will certainly help you improve the security of that application or Web site, soon after everything is remedied, changes in your applications and newly discovered vulnerabilities mean new security problems will arise. So, unless you put continuous security and quality assurance controls in place throughout the software development life cycle, from the initial phases of Web application development through production, you're never going to reach the high levels of ongoing security you need to keep your systems safe from attack, and the costs of fixing security weaknesses will continue to be high.
In the first two articles, we covered many of the essentials you need to know when conducting Web application security assessments, and how to go about remedying the vulnerabilities those assessments uncovered. And, if your organization is like most, the first couple of Web application assessments were nightmares: reams of low, medium, and high vulnerabilities were found and needed to be fixed by your Web application development team. The process required tough decisions on how to fix the applications as quickly as possible without affecting systems in production or unduly delaying scheduled application rollouts.
But those first few Web application assessments, while agonizing, provide excellent learning experiences for improving the software development life cycle. This article shows you how to put the organizational controls in place to make the process as painless as possible and an integrated part of your Web application development efforts. It's a succinct overview of the quality assurance processes and technologies necessary to begin developing applications as securely as possible from the beginning, and to keep them that way. No more big surprises. No more delayed deployments.