
Guidelines for Secure Application Design, Development, Implementation & Operations


One of the key reasons for vulnerabilities in applications is the lack of secure design, development, implementation, and operations. Relying solely on post-development audits for security is inadequate. Instead, security must be an inherent and integral aspect, seamlessly integrated into the application’s design and development lifecycle. Organizations should incorporate secure application development practices, and application owners should ask for adherence to the best practices highlighted in this document and should not rely only on the post-development audit. By adhering to these guidelines, applications can be developed with built-in security measures, making them a difficult target for security breaches and exploitation.

The guidelines are divided into four phases, as depicted in Figure 1 below. After the secure application design and development guidelines have been adopted, the application can undergo both source-code review and black-box testing by a CERT-In empaneled auditing organization to identify any lapses or vulnerabilities in how the security practices were implemented in the application. The key findings and recommendations in the guidelines are drawn from field data analysis of audits conducted by CERT-In empaneled auditing organizations.
