Many organizations view secure coding as an activity that is supposed to happen at the end of the development process....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
However, if someone testing an application at the end of the development lifecycle says an application needs recoding to ensure its security, that application will need to be reworked and retested, along with any other application that interacts with it. This constant tweaking is often far more expensive than implementing an iterative security process throughout an application development lifecycle.
If there is a field called "State," for example, there is no reason to allow <, > ;, *, --, or : as possible values. If application developers write code from the perspective of only accepting known good values, it decreases the overall cost of application development by cutting quality assurance and certification and accreditation testing.
For more help, a great framework to use is the Scalable & Agile Lifecycle Security for Applications.
Dig Deeper on Web application and API security best practices
Related Q&A from John Strand
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign.continue reading
Expert John Strand reveals two exciting trends in antivirus software.continue reading
In this expert response, John Strand explains what to do when your personal identity is impersonated online.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.