Software-based threat modelling (“a structured approach that enables you to identify, quantify, and address the security risks associated with an application”)
Many attacks on organisational applications come from inside the network.
Intrusion detection techniques will not work when the problem is poor input validation in the application.
Network and host security can help fight the symptoms of the problem where the source of the problem is in the application source.
Lock down the development and production environment.
Carefully implement an authentication mechanism to control which users are allowed to access which data.
Security is a process and not a product. Secure software is the result of security aware software development processes where security is built in and thus software is developed with security in mind. Integrate security into the entire software development life-cycle.