Dark Reading shares an informative approach to improving application security during development.


QUOTE: While application security cascades into just about every facet of IT security today, many enterprises have a difficult time implementing sustainable application security programs that offer measurable benefits to the business. A general disconnect between security goals and the profit motives of development teams can cause insurmountable conflict between infosec teams and developers, with line of business leaders all too ready to side with money-making dev teams nine times out of 10.

1. Thou Shall Execute App Security At The Speed Of Business

2. Thou Shall Not Architect Security

3. Thou Shall Evolve Your Testing Methodologies

4. Thou Shall Not Surprise Dev Teams

5. Thou Shall Test Apps In Production (Application security testing shouldn’t stop in QA)

6. Thou Shall Not Let Frameworks Replace Common Sense

7. Thou Shall Put Vulnerabilities In Proper Context

8. Thou Shall Not Give Developers Rampant Access To Live Customer Data

9. Thou Shall Use A Web Application Firewall With A Plan

10. Thou Shall Not Blame The Developers