Secure Application Development
By Adrian Lane

Secure application development is about building secure software. Most security products offer band-aid protection for existing applications: they filter, block, or proxy communications to and from applications that are incapable of protecting themselves. We want to get away from this “features first, security second” model and code applications that are self-reliant and can protect themselves.
The secure code movement is in its infancy. There are different processes, training programs, and tools to aid the development of secure applications – which we will cover here. We will also reference some of the OWASP and Rugged Software projects.
Papers and Posts
- FireStarter: Agile Development and Security
- Comments on Microsoft Simplified SDL
- Rock Beats Scissors, and People Beat Process
- FireStarter: Secure Development Lifecycle – You’re Doing It Wrong
- Structured Security Program, Meet Agile Process
- FireStarter: For Secure Code, Process Is a Placebo – It’s All about Peer Pressure
- Are Secure Web Apps Possible?
- Clickjacking Details, Analysis, and Advice
Presentations
Podcasts, Webcasts, and Multimedia
We do not currently have multimedia for this topic.
Vendors
We’ll include vendors of white-box and black-box analysis, fuzzing, and related tools. This list is currently evolving, and we’ll include other firms as time permits.
- Cigital
- HP (SpiDynamics, Fortify)
- IBM (Ounce)
- Veracode
- WhiteHat Security