Software development does not always follow a well-structured process. Some companies tend to give developers more flexibility than others, which often results in critical vulnerabilities and high rework activities. Therefore, independent whether your projects follow agile or waterfall development principles, you shall apply some basic secure software development principles to avoid security loopholes.

The first one being, do not reinvent the wheel!

It might be that you have excellent ideas when it comes to encryption, authentication or authorization but the risk related to your self-made function in that area is obviously too high. Use only standardized encryption, authentication and authorization frameworks.

The second one being, that the input and output should be validated!

Nowadays, application-based attacks are one of the biggest security concerns. Due to their nature, those incidents are often difficult to detect because a firewall or intrusion detection system cannot distinguish between a real user and an application layer attack. Therefore, we should always validate all input independent from its origin. Also, we should also scan output prior sending it to the user.

The third one being, that prepared statements should be used!

Database access is a very attractive target of global cyber security attacks. Several big players have become a victory of database related so-called SQL injection attacks recently. If your developers exclusively use prepared statements for database access, your application will be robust against this critical attack.

The last one being that regular code scan should be scheduled!

Security issues must be eliminated from the root, the source code. Only secure code scans according to security standards such as OWASP top 10 or SANS top 25 will help you to identify and eliminate critical issues in your code during software development.

All things considered, the basic best practices mentioned above will push your software development projects towards security. Also, OWASP provides excellent background information for secure software development.

Advertisements

Posted by JM

Resourceful, solution-focused and intuitive reliability engineer with over 15 years of demonstrated success in architecting, developing and maintaining effective testing and monitoring solutions. Offers a wealth of knowledge and experience surrounding modern application architecture and development of best practices.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s