Data Protection Security School

How to build secure applications

Diana Kelley, SecurityCurve
In this Data Protection Security School lesson, learn how to build security into the software development lifecycle, implement a practical, efficient change management system and test your applications using a black-box or white-box technique.

About the author:
Diana Kelley is a partner with Amherst, N.H.-based consulting firm SecurityCurve. This lesson also features special guest contributor Ed Moyle, a partner with SecurityCurve.

In this part:

Video: Software Reliability: Building Security In

Fixing software security vulnerabilities during development is expensive, difficult and time-consuming. But fixing them after deployment is far more expensive and counterproductive. In this video, learn state-of-the-art techniques for building a secure software development process. Find out when to use source code analysis and when to use binary analysis, why integrity, availability and confidentiality must be taken into account and how to continue the process after deployment. And find out why automated tools can’t catch every problem and what to do about it.

Tip: Black box and white box testing: Which is best?

There's no question that testing application security is essential for enterprises, but which is better: black box security testing or white box security testing? Learn more in this expert tip.

Podcast: Selling security in the SDLC

Building security into the software development lifecycle takes more than just a plan. You’re going to need the support and involvement of both the development and security/audit organizations in order to make it work, and that will take some work. This podcast will help you develop a plan for selling the value of security to all of the constituencies who matter in your organization, from the executive suite down to the developers and testers.

Quiz: How to build secure applications

Use this five-question quiz to test your knowledge of how to secure your enterprise apps.
