Background
A study commissioned by Coverity Inc, "The Software Security Risk Report", reveals the details of application security incidents experienced by North American and European web app development companies in the last 18 months.
Source: http://news.softpedia.com/news/Report-51-of-Web-App-Developers-Experienced-Security-Incidents-in-Last-18-Months-293993.shtml
The figures from the report show that 51% of the respondents had at least one incident in the past year and a half. 18% of these firms reported losses of over $500,000 (400,000 EUR), while 8% claim to have lost twice as much. In a few situations, the affected organizations lost over $10 million (8 million EUR).
It appears that secure development practices aren't employed by many web app creators. Only 42% follow secure coding guidelines, and only around a quarter use threat modeling or a library of approved and banned functions.
Code auditing before integration testing is performed by less than half of the interviewed companies and only 17% of them verify their products during development.
Over 70% of them state that they lack the funds and the technology needed to address security issues, and 41% blame time-to-market pressure for not being able to push security into development.
Secure Software Development
Secure software development is a process that helps with the design and implementation of secure software that protects the data and resources accessed through the software.
Tools and techniques
- Common weaknesses enumeration
- Security architecture/design analysis
  - Logic analysis
  - Data analysis
  - Interface analysis
  - Constraint analysis
- Secure code reviews, inspections, and walkthroughs
  - Informal reviews
  - Formal reviews
  - Inspections and walkthroughs
- Security testing
These tools and techniques can be effective on their own, but to maximise their effectiveness, software development should take place under a Secure Development Life-cycle, where security is designed in during requirements and followed through at every stage of development.
Best Practices
- Protect the Brand Your Customers Trust
- Know Your Business and Support it with Secure Solutions
- Understand the Technology of the Software
- Ensure Compliance to Governance, Regulations, and Privacy
- Know the Basic Tenets of Software Security
- Ensure the Protection of Sensitive Information
- Design Software with Secure Features
- Develop Software with Secure Features
- Deploy Software with Secure Features
- Educate Yourself and Others on How to Build Secure Software