Security Best Practices in the Software Development Lifecycle.
Security Best Practice provides a summary overview of the key areas that should be considered/included when structuring your application development programme.
January 6, 2023

Designed for Product Owners and delivery leads, this quick Security Best Practice provides a summary overview of the key areas that should be considered and included when structuring your application development programme. In regulated, assured or compliance environments, the Software Delivery Life-cycle needs to be adapted to ensure key security issues are considered (not just the platform, the application, or the code). Each of the points below identifies a stream of activity that will lead to a range of controls (technical or administrative). These need to be tailored to your risks, but this checklist provides a simple view that Programme Architects and business/service owners can use to check that key areas are being considered and managed.
1. Design Secure Applications
Design security into applications from the start by incorporating security best practices, as well as identifying and addressing potential vulnerabilities and risks throughout the development process.
2. Develop Secure Coding Practices
Use secure coding techniques and tools to help prevent malicious code from being introduced into applications.
3. Test and Validate Applications
Test application code for security flaws and verify that applications meet the design requirements for security controls.
4. Deploy Secure Application Configurations
Configure applications securely in order to reduce the attack surface and take advantage of any built-in security features.
5. Maintain an Ongoing Security Program
Establish a comprehensive security program that includes regular monitoring, testing, patching and auditing of applications, in order to identify potential vulnerabilities or changes in user behaviour that could indicate a breach has occurred.
6. Track Security Progress with Metrics & Reporting
Track application security progress over time by using metrics and reporting to measure the effectiveness of the organization’s security program.
As part of our Enterprise and Application Development Best Practice set, this checklist provides further support to delivery teams, Product Owners, and Programme Architects to help enhance your security posture, ensure you are considering the key dimensions of securing your SDLC, and improve your delivery maturity.
