Things you don’t want to hear about Development of Secure Software
Two out of three security breaches are attributable to vulnerable applications. Cyber criminals use vulnerable business applications to gain access to confidential data without being detected.
I assume that some of us are already aware of successful attacks and how to search for vulnerable applications. I don’t want to tell you too much at this time, but if you are interested, you should have a look at the Google Hacking Database (GHDB), which allows a convenient search for specific security loopholes.
However, some wise companies have already applied measures to protect their valuable secrets. Some businesses focus more on infrastructure, while others have fundamentally transformed their development process towards security. In my experience, the latter is the better approach, while the former often does not provide sufficient protection against application-layer attacks such as SQL injection or cross-site scripting.
All things considered, don’t wait until you become a victim of a cyber-security attack. Integrate security into your development process and eliminate security vulnerabilities at the root: the source code.
In my next blog post, I will give you a detailed overview of a streamlined, secure software development process.