Sidebar
en:security:software:start
Book Creator
Add this page to your book
Add this page to your book Book Creator
Remove this page from your book
Remove this page from your book 
Manage book (
Help Software security
- Software-based threat modelling (“a structured approach that enables you to identify, quantify, and address the security risks associated with an application”)
- Many attacks on organisational applications come from inside the network.
- Intrusion detection techniques will not work when the problem is poor input validation in the application.
- Network and host security can help fight the symptoms of the problem where the source of the problem is in the application source.
- Lock down the development and production environment.
- Carefully implement an authentication mechanism to control which users are allowed to access which data.
- Design to allow locked-down clients to interact with the application.
- Security is a process and not a product. Secure software is the result of security aware software development processes where security is built in and thus software is developed with security in mind. Integrate security into the entire software development life-cycle.
- Use a broad mix of tools, methods, techniques and processes to find and prevent weaknesses.
- Use libraries and frameworks that make it easier to avoid introducing weaknesses.
- Use protocol algorithms that are currently considered to be strong by experts in the field, and select well-tested implementations.
en/security/software/start.txt · Last modified: 2019/11/30 10:30 by Digital Dot
