Categories: Application Security

Top 5 Secured Application Development Practices

Following are the top 5 areas to consider when setting up secure application development practices:

  • Security Training: Developers need continuous training on application security. The OWASP Top 10 and its associated recommendations are a great help and a great place to start. It is written for web applications, but most of it also applies to applications in general. Security training applies to all stakeholders of the project, including business analysts, project managers, architects, developers and testers.
  • Threat Modeling: This is the most important aspect of all. It primarily consists of the following steps:
    1. Threat classification: The six STRIDE categories are a common starting point; each one is considered against every entry point, data flow, data store and trust boundary of the system:
      • Spoofing identity
      • Tampering with data
      • Repudiation
      • Information disclosure
      • Denial of service
      • Elevation of privilege
    2. Vulnerability identification and prioritization
    3. Identifying and documenting the attack surface
  • Secure Coding Techniques: Developers should keep a coding checklist of coding standards and guidelines at hand for quick reference while coding (for example, input validation, output encoding, parameterized database queries, and keeping secrets out of source code).
  • Security Code Reviews: Code reviews are an integral part of delivering high-quality code. Several techniques can be used, including the following:
    1. Manual code review: With a secure code review checklist listing the security-relevant areas to look at, and a reviewer with security awareness, the team can perform a manual, security-focused code review.
    2. Automated code review: Tools such as Sonar (now SonarQube) can automate part of the review. The key is to identify the security-related rules that will be checked on every run. In Sonar, one can enable security rules in the quality profile and keep watch on non-conformance against those rules on every run, so that a new violation fails the build rather than being noticed weeks later.
  • Security Testing: Security testing needs its own test case scenarios, derived from the threat model, that cover abuse cases (for example, injection payloads, tampered input, and attempts to reach data or operations without the right privileges) in addition to the normal functional tests, and that are run on every build alongside them.
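The automated review step above ("identify security-related rules which will be tested on every run") can be illustrated with a small rule checker. The following is an added example written for this post, not code from the original article and not SonarQube's own rule engine; the rule IDs (S-EVAL, S-SHELL, S-SQLFMT, S-SECRET) are invented for illustration, and SAMPLE_SOURCE is a constructed module whose top half violates four typical secure-coding checklist items and whose bottom half shows the hardened equivalents. It walks the Python AST, reports each violation with its line number, and exposes a gate() function of the kind a build would call to fail on non-conformance.

```python
"""Minimal automated security rule check, in the spirit of a Sonar-style
security rule set run on every build.  Added example for this post; rule
IDs are invented and SAMPLE_SOURCE is constructed for the demonstration."""
import ast
from dataclasses import dataclass

# Constructed sample module.  Lines 4, 7, 10 and 13 each break a common
# secure-coding checklist item; the three "good" functions are the fixes.
SAMPLE_SOURCE = '''\
import ast
import subprocess

DB_PASSWORD = "hunter2"                                  # hardcoded secret

def find_user_bad(conn, name):
    return conn.execute(f"SELECT * FROM users WHERE name = '{name}'").fetchall()

def run_bad(cmd):
    return subprocess.run(cmd, shell=True)               # shell injection risk

def calc_bad(expr):
    return eval(expr)                                    # arbitrary code execution

def find_user_good(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()

def run_good(args):
    return subprocess.run(args, shell=False)

def calc_good(expr):
    return ast.literal_eval(expr)
'''

SECRET_NAME_HINTS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _dotted(node: ast.AST) -> str:
    """Dotted name of an expression such as subprocess.run; '' if not a name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


def _is_string_built(node: ast.AST) -> bool:
    """True when the expression assembles a string at runtime (f-string, %, +, .format)."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


class SecurityRules(ast.NodeVisitor):
    """Four checklist items expressed as AST rules."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _dotted(node.func)
        if name in ("eval", "exec"):
            self.findings.append(Finding("S-EVAL", node.lineno, f"{name}() executes arbitrary code"))
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding("S-SHELL", node.lineno, "subprocess call with shell=True"))
        if name.split(".")[-1] in ("execute", "executemany") and node.args and _is_string_built(node.args[0]):
            self.findings.append(Finding("S-SQLFMT", node.lineno, "SQL built by string formatting; use parameters"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # A string literal assigned to a name that looks like a credential.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(h in target.id.upper() for h in SECRET_NAME_HINTS):
                    self.findings.append(Finding("S-SECRET", node.lineno, f"hardcoded secret in {target.id}"))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Run all rules over one module and return findings ordered by line."""
    visitor = SecurityRules()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: (f.line, f.rule))


def gate(source: str) -> bool:
    """Quality gate as a build would call it: True only when there are no findings."""
    return not scan_source(source)


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.rule} {f.message}")
    print("gate passed" if gate(SAMPLE_SOURCE) else "gate failed")
```

Run stand-alone, it reports the four violations in the "bad" functions and leaves the hardened ones alone; in a pipeline, a non-zero result from gate() is what turns a checklist item into a rule that is enforced on every run rather than remembered occasionally.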
Ajitesh Kumar