As Halloween approaches, everyone is searching for the scariest costume to outdo their friends at this year’s work party. But teams of developers aren’t haunted by your typical ghosts, witches, and vampires. So what are developers really afraid of?
What really frightens them are the different security mistakes that they can make on a daily basis which can haunt their team for years to come, generating unwanted vulnerabilities in the software and technical debt for ages.
When a hack hits, the headlines focus on who and what was hit, because numbers and big names are tantalizing. But the most important detail of a hack is the “how,” and when it comes to open source vulnerabilities, people tend to point fingers at the different mistakes made. Common development mistakes become the helping hand that lets hackers infiltrate web applications and more.
As we are in the Halloween mood, here are the 5 scary mistakes that continuously haunt your developers.
Postponing Security Until the End of the Project
The first and most common mistake is leaving security until the end. Sure, you need to perform checks at the end, but why wait for all the issues to accumulate and jump out at your team at the very end?
For every organization, having a security plan in place from the beginning of the development process is a must. Adopting a shift-left mentality allows your developers to find issues earlier in the development process, when they are much easier and cheaper to fix.
Providing the proper attention to security allows developers to adopt a secure architectural and design approach, which in turn helps them to secure their code at every stage of the SDLC.
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Zev Brodsky. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/5-scary-security-mistakes