Implementing an Application Security Policy: Nine Key Questions

Security professionals typically use a different, security-centric process that is outside of normal development. This does nothing more than stop development efforts and make developers suffer missed deadlines, limited innovation and lost scalability. Security experts need to engage developers and get them excited about security. We have to test applications as they’re developed; we need to adapt to their processes. We should not be using different languages, different methods or going outside of the proven processes that developers use – especially not six months (or more) after they’ve closed development on a project and moved on to the next application.

There has been a lot of news lately about high-profile attacks on Web applications. Hackers employ tactics like cross-site scripting (XSS) and SQL injection, which have been around for more than 20 years. Yet both are more prevalent attack vectors now than ever before, which makes it that much more important for organizations to have a formalized application security policy for their developer teams.

John Jacott, security evangelist for Coverity, which offers a development testing platform, offers some insight into nine important questions that should be central to implementing an application security policy in any organization.