Governance is centered on the processes and activities related to how an organization manages overall software development activities. More specifically, this includes concerns that cross-cut groups involved in development as well as processes that are established at the organization level.

Construction concerns the processes and activities related to how an organization defines goals and creates software within development projects. In general, this includes product management, requirements gathering, high-level architecture specification, detailed design, and implementation.

Verification is focused on the processes and activities related to how an organization checks and tests artifacts produced throughout software development. This typically includes quality assurance work such as testing, but it can also include other review and evaluation activities.

Security – Not just for Networks!
Criminals are targeting software.
Hackers know that you have firewalls, so it is not convenient to hack the network.
Hackers are using a new way to ‘hack’ into your systems: through applications.

Why Applications?
People are using software in every part of their lives!
 
The Business Impact
The ramifications of insecure software go beyond mere technology issues; there is also a definite business impact.
Not having secure software can lead to:
  • Financial loss
  • Bad publicity
  • Investigations and litigation
  • Liability (personal and corporate)
  • Reputation damage
  • Loss of brand, confidence and trust among customers, partners, shareholders and stakeholders

 
What is the answer?
The success of a software assurance program within an organization is directly proportional to the support of executive management.
Security has to be ensured throughout the entire lifecycle.
All stakeholders in the software development process must be aware of common security tenets and threats.

Building secure software is a result of all the stakeholders having the appropriate levels of participation and a security mindset in the design, development, and deployment of the software.

Stakeholders must be educated in how to build security within every phase of the lifecycle.

source: CSSLP white paper
Mobile Application Security and Penetration Testing

 
SANS Analyst Program Presents: SANS First Annual Mobile Security Survey - Thursday April 12, 2012 (1:00 PM EDT)
Featuring: Kevin Johnson and Adam Stein. Sponsored By: Bradford Networks ...

 
Report on Dynamic Application Security Testing (DAST) Solutions
Gartner published its report Magic Quadrant for Dynamic Application Security Testing (DAST) at the ...

 
Apple Tackling Pirated Apps (January 4, 2012)
Apple is taking steps to thwart the availability of pirated applications for the company's ...

 
Stateless CSRF Protection
In the era of RESTful services and rich internet applications it's important to find security ...

 
The Market for Dynamic Application Security Testing is Anything but Static
We've just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for ...

 
Mobile Phone Security Needs Improvement (December 27, 2011)
Research scheduled to be presented at a Chaos Computer Club convention later this week indicates ...
