Recent attacks against major players in the telecommunications and financial services industries have shown that security is still a topic we need to work on. For a long time, companies did not realize the urgent need for improvement. Last month's privacy issue at a telco company in Switzerland and the SWIFT-based attacks, in which massive amounts of money were transferred to hackers, underlined how critical the situation is.
Application security starts with the first line of code written for your applications. According to research, 3 of 4 attacks happen on the application layer. They exploit weaknesses in the application that allow cyber thieves to gain unauthorized access or to execute critical functions.
Make sure that a secure software development process is in place, code reviews are carried out regularly, high- and medium-risk issues are fixed, functional security tests are in place, and penetration tests are performed on pre-production stages.
Personally speaking, secure code reviews are an essential pillar because they help you to eliminate security issues at their root – the source code.
Feel free to use my application security cheat sheet for your reference.