Security in developing applications


Security aspects take on even greater importance as applications are increasingly shifted to the Internet in both a communication sense, as well as their physical location. To create the most secure application, security must be taken into consideration in each phase of the development cycle. Security must be understood above all as a process, and it is from this view that security is to be approached in development. For instance, a target-specific methodology that serves as a guide for the implementation of security to the developed application should be used.

Our specialists can provide the organization with effective assistance, especially in creating a specific methodology for developing the software. This methodology contains security mechanisms applicable for all phases of the development cycle – from the initial analysis and determination of (security) requirements to the developed application to testing and launch of the application into operation.

In creating the methodology we start with the currently used project methodology and current development of customer processes (including processes related to planning and organization), to which security principles and mechanisms will be included and the existing processes will be modified to feature the proven principles of secure development customised to the customer's environment and to the currently developed application.

Select principles of secure development:

  • Principle of least privilege.
  • Division of responsibilities.
  • Don’t trust infrastructure.
  • Principle of defence in depth.

The following norms and other materials can be used as a gauge in implementing security into development:

  • ISO/IEC 27000 Series (27034 – Guidelines for application security)
  • Common Criteria (ISO/IEC 15048)
  • NIST
    –  SP 800-64 - Security Considerations in the System Development Life Cycle
    –  SP 800-53 - Recommended Security Controls for Federal Information Systems and Organizations
  • OWASP
  • CLASP (Comprehensive, Lightweight Application Security Process)


The main benefit of this service is development and production of secure SW. The created methodology always determines the specific processes and principles whose implementation to the developed applications will significantly reduce the risk of occurrence of possible vulnerabilities and security weaknesses.

Contact

Ask for further details or quotation:
Ms. Hana Vystavelova
AEC e-mail addreeses are in form: firstname.surname@aec.cz