Top 5 Secured Application Development Practices

Following are the top 5 areas to consider when setting up secure application development practices:

  • Security Training: Developers need continuous training on application security. The OWASP Top 10 and its related recommendations are a great help and a good place to start. They are primarily aimed at web applications, but most of the guidance also applies to applications in general. Security training applies to all stakeholders of the project, including business analysts, project managers, architects, developers and testers.
  • Threat Modeling: This is the most important aspect of all. It primarily consists of the following steps:
    1. Threat classification: Following are some of the key threats to take into consideration:
      • Spoofing identity
      • Tampering with data
      • Repudiation
      • Information disclosure
      • Denial of service
      • Elevation of privilege
    2. Vulnerability identification and prioritization
    3. Identifying and documenting the attack surface
  • Secure Coding Techniques: Developers need a coding checklist of coding standards and guidelines at their side for quick reference while coding.
  • Security Code Reviews: Code reviews are an integral part of delivering high-quality code. Different techniques can be used for code reviews, including the following:
    1. Manual code review: With a secure code review checklist listing the areas to look for in relation to security, and a developer with security awareness, one can have the team do a manual security code review in .
    2. Automated code review: Tools such as Sonar can be used to automate code review. The key is to identify the security-related rules that will be checked on every run. In tools such as Sonar, one can configure security-related rules and watch for non-conformance against those rules on every run.
  • Security Testing: One has to consider various test-case scenarios for security testing.
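The three threat-modeling steps above (classify threats by the six categories listed, which are the STRIDE classes; prioritize; document the attack surface) can be kept in a small threat register. The following is an added example, not code from the post: each surface and rating is constructed, and the 1-5 likelihood/impact scale and the "property violated" mapping are assumptions.

```python
from dataclasses import dataclass, field

# The six STRIDE threat classes listed in the post, each mapped to the
# security property an attack in that class violates.
STRIDE = {
    "Spoofing identity": "authentication",
    "Tampering with data": "integrity",
    "Repudiation": "non-repudiation",
    "Information disclosure": "confidentiality",
    "Denial of service": "availability",
    "Elevation of privilege": "authorization",
}

@dataclass
class AttackSurface:
    name: str       # documented entry point reachable by an untrusted caller
    boundary: str   # trust boundary the data crosses
    threats: list = field(default_factory=list)  # (category, likelihood, impact)

def add_threat(surface, category, likelihood, impact):
    """Record a threat with likelihood and impact on an assumed 1-5 scale."""
    if category not in STRIDE:
        raise ValueError(f"not a STRIDE category: {category}")
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("ratings must be between 1 and 5")
    surface.threats.append((category, likelihood, impact))

def prioritize(surfaces):
    """Flatten all threats and order them by risk score (likelihood x impact)."""
    rows = [{"surface": s.name, "boundary": s.boundary, "threat": cat,
             "property": STRIDE[cat], "score": lik * imp}
            for s in surfaces for cat, lik, imp in s.threats]
    return sorted(rows, key=lambda r: (-r["score"], r["surface"], r["threat"]))

def coverage_gaps(surfaces):
    """STRIDE classes never considered for a surface: the model is incomplete there."""
    return {s.name: sorted(set(STRIDE) - {t[0] for t in s.threats}) for s in surfaces}

# Constructed sample model for a hypothetical web application (not from the post).
login = AttackSurface("POST /login", "internet -> app")
upload = AttackSurface("POST /upload", "internet -> app")
add_threat(login, "Spoofing identity", 4, 5)        # password guessing
add_threat(login, "Denial of service", 3, 3)        # request flooding
add_threat(upload, "Tampering with data", 3, 4)     # malicious file content
add_threat(upload, "Elevation of privilege", 2, 5)  # upload lands on a privileged path

if __name__ == "__main__":
    for r in prioritize([login, upload]):
        print(f"{r['score']:>2} {r['surface']:<12} {r['threat']:<24} protect {r['property']}")
    print("not yet assessed:", coverage_gaps([login, upload]))
```

The `coverage_gaps` output is the review check: a surface with unassessed STRIDE classes has not finished step 1, whatever its prioritized list looks like.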
Ajitesh Kumar

Posted in Application Security.