Introduction: Security Awareness and Application Development
Developing applications and software products for a company requires security awareness on many levels. Developers need to understand how their application will be used and how it will fit in with the rest of the organization’s infrastructure, because the organization’s existing security policies have to be taken into account. Basic concepts such as remote connections, Internet exposure and update cycles all fall under security awareness.
Anyone who has ever worked with an internal development team at a company will know that security awareness is not something most developers consider their responsibility. Developers will generally make sure that the application’s security features are implemented, but not necessarily consider how the application behaves from a security-awareness perspective. Security awareness is often seen as a user issue, and therefore something for IT to deal with rather than the developer’s concern.
Some of these security awareness features do relate to user-oriented functions and can lock the application down further, making it safer. Examples are basic features like automatic logouts after a period of inactivity, mandatory password change cycles that force users to update their current passwords (note that current guidance such as NIST SP 800-63B recommends forcing a change on evidence of compromise rather than on a fixed schedule), and application settings lockdowns, which prevent users from changing settings that could affect the security of the application.
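The three controls just listed are easy to describe and easy to get wrong, usually because they are enforced only in the client. The following is an added example, not code from the original post: a small server-side session store that enforces an idle timeout and an absolute session lifetime, a password-age check, and a whitelist of settings that a non-admin user may change. The policy values (15 minutes idle, 8 hours absolute, 90 days password age), the function names and the settings names are assumptions chosen for the illustration; the clock is passed in so the example runs offline.

```python
"""Server-side enforcement of user-facing security features (added example).

Assumed policy values; a real application would load these from configuration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

IDLE_TIMEOUT = timedelta(minutes=15)      # log out after this much inactivity
ABSOLUTE_LIFETIME = timedelta(hours=8)    # log out regardless of activity
MAX_PASSWORD_AGE = timedelta(days=90)     # force a password change beyond this
USER_EDITABLE_SETTINGS = {"theme", "language"}  # everything else is locked


@dataclass
class Session:
    user: str
    created_at: datetime
    last_seen: datetime
    is_admin: bool = False
    settings: dict = field(default_factory=dict)


class SessionStore:
    """In-memory store; the point is that expiry is decided by the server."""

    def __init__(self):
        self._sessions = {}

    def create(self, token, user, now, is_admin=False):
        self._sessions[token] = Session(user, now, now, is_admin)

    def touch(self, token, now):
        """Validate a session on every request.

        Returns the Session if it is still valid and refreshes last_seen;
        returns None (and deletes the server-side record) if it has expired,
        so a client that ignores the logout cannot keep using the token.
        """
        s = self._sessions.get(token)
        if s is None:
            return None
        idle_expired = now - s.last_seen > IDLE_TIMEOUT
        lifetime_expired = now - s.created_at > ABSOLUTE_LIFETIME
        if idle_expired or lifetime_expired:
            del self._sessions[token]
            return None
        s.last_seen = now
        return s


def password_change_required(last_changed, now):
    """True when the password is older than the configured maximum age."""
    return now - last_changed > MAX_PASSWORD_AGE


def update_setting(session, key, value):
    """Settings lockdown: non-admin users may only change whitelisted keys."""
    if not session.is_admin and key not in USER_EDITABLE_SETTINGS:
        raise PermissionError(f"setting '{key}' is locked for user {session.user}")
    session.settings[key] = value


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock
    store = SessionStore()
    store.create("tok", "alice", t0)
    print(store.touch("tok", t0 + timedelta(minutes=10)) is not None)  # True
    print(store.touch("tok", t0 + timedelta(minutes=26)) is None)      # True, idle
```

The absolute lifetime matters because an idle timeout alone lets a stolen session live forever as long as the thief keeps it busy; the check in `touch` deletes the record server-side rather than relying on the client to forget the token.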
Back-end security awareness is equally, if not more, important. Developers must understand how their application’s data is transmitted and what information those transmissions expose. If the program queries large amounts of data from a database, the connection must be locked down (encrypted and authenticated, with the server’s identity verified) so that traffic cannot be intercepted, altered and then forwarded to the server or client carrying malicious content.
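The most common way this goes wrong in practice is a client that encrypts the connection but never verifies who it is talking to, which is exactly what an interception-and-alteration attack needs. As an added illustration (not code from the original post), the following shows a weak TLS client configuration next to a hardened one using Python’s standard `ssl` module, plus a check that could run in a test suite. The function names and the CA bundle path are assumptions for the example; no network connection is opened.

```python
"""Weak versus hardened TLS client contexts (added example).

ssl.create_default_context() already verifies certificates and hostnames;
the "weak" variant below is what a developer produces when a certificate
error is "fixed" by turning verification off.
"""
import ssl

ASSUMED_CA_BUNDLE = "/etc/ssl/certs/internal-ca.pem"  # assumed path, may not exist


def weak_client_context():
    """Encrypts the connection but accepts any certificate from anyone.

    A machine-in-the-middle can present its own certificate, read every
    query, modify the response, and forward it on; the client will not notice.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False           # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_bundle=None):
    """Requires a certificate chaining to a trusted CA and matching the hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / TLS 1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_bundle is not None:
        # Pin trust to the organisation's own CA instead of the whole system store.
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx


def is_mitm_resistant(ctx):
    """Minimal check a test suite could run against the context an app builds."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


if __name__ == "__main__":
    print("weak context MITM-resistant:", is_mitm_resistant(weak_client_context()))      # False
    print("hardened context MITM-resistant:", is_mitm_resistant(hardened_client_context()))  # True
```

Database client libraries generally accept a context or equivalent flags (for example `sslmode=verify-full` for PostgreSQL), so the same rule applies: encryption without certificate and hostname verification does not stop interception, it only stops passive eavesdropping by parties who cannot get in the path.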
These tips will cover some (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Graeme Messina. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/lfcyX9Dq43w/