Deployed software is continuously under attack. Hackers have been exposing and exploiting vulnerabilities for decades and seem to be increasing their attacks. This paper describes complete lifecycle activities aimed at producing more secure and robust code that can better withstand attack.
Traditional perimeter defenses are increasingly unable to stop software attacks as more and more hackers focus on the software layer and shy away from attacks against the system and networking layer. Firewalls, intrusion detection and antivirus systems simply cannot solve this problem. Only a concerted effort by the software development community to produce more robust and reliable applications will foil attackers and allow our users and stakeholders to feel confident that they are protected from exploitation.
Secure software is a software development problem. Its solution is the responsibility of every member of the software development team, from managers and support staff to developers, testers and IT staff. Security must be on everyone’s mind throughout every phase of the software lifecycle. A misstep in any phase can have severe consequences.
However, finding a solution is not easy. The problems associated with application security are getting worse with time. Aging legacy software, which was never developed to be secure, is the foundation on which modern, highly connected and business-critical software is operating. The difficulty of patching these older systems and integrating new applications has served to make the problem worse.
We need to find a better way to think about software development and develop a new understanding of the engineering processes required to write robust and secure applications, whether they are web-based, server software, or client-side applications.
It is crucial that each phase of the software development process include the appropriate security analysis, defenses and countermeasures that will result in more secure released code. From requirements through design and implementation to testing and deployment, security must be integrated throughout the Software Development Lifecycle (SDLC) in order to provide the user community with the best, most secure software-based solutions.
Software Development and Security
Developing successful software in the 21st century requires a paradigm shift. Rather than adopt the 20th century attitude that software is made to solve problems and people will use it for the greater good, developers need to take the position that their software will be attacked the second it is deployed and they must build applications that can defend themselves in a hostile environment. Developers must consider software security an integral part of the application development process, not an afterthought.