Effective Controls for Attaining Continuous Application Security Throughout the Web Application Development Life Cycle
- Learn How to Improve Web Application Security Throughout the SDLC
- Secure Web Application Development: People, Process, and Technology
- Essential Elements of Secure Software Development Life Cycle Processes
- How Technology Helps Enforce and Maintain the Secure SDLC
- Put Baselines in Place (But Keep it Simple in the Early Days)
How Technology Helps Enforce and Maintain the Secure SDLC
Human nature being what it is, people tend to slip back into their old sloppy ways if new behaviors (the software development life cycle processes we discussed earlier) are not enforced. That's where technology can play a role. The right tools not only help to automate the security assessment and secure coding process; they also can help keep in place the Web application development framework necessary for success.
As discussed in the first article of this series, at the very minimum you'll need a Web application security scanner to assess your custom-built as well as your commercially acquired software. Depending on the size of your Web application development team, and how many applications you're working on at any given time, you'll want to consider other tools that will improve your software development life cycle processes as well. For instance, quality and assurance tools are available that integrate directly into application performance and quality testing programs that many organizations already use, such as those from IBM and HP. With this integration of security into quality and performance testing, quality assurance teams can concurrently manage functional and security testing from a single platform.