AppSec 2016 Playbook: A Beginner’s Guide to Secure Development

Oct 05, 2016 By Paul Curran

As part of our ongoing initiative to help “Developers Vote Security” for 2016’s National Cyber Security Awareness Month, Checkmarx has published our Application Security Guide for Beginners as a detailed and concise resource that covers the key concepts and top keywords in the field of application security. From what is needed to create a secure software development lifecycle (SDLC) to the top threats facing applications and their consequences, this quick playbook covers the essentials of secure coding practice. The guide is divided into four categories: Code Development Methodologies, Code, Application Security Solutions, and Common Threats and Their Impacts.

A Beginner’s Guide to Secure Development: A Quick Look at what is Inside

Code Development Methodologies – This secure programming section details the software development lifecycle (SDLC) and what is needed to properly create a secure software development lifecycle (sSDLC). You will also get a quick overview of the waterfall method vs. the agile model, in addition to a brief introduction to static application security testing.

Code – In the code section, you will find a high-level look at frameworks, bug tracking systems, build systems, source code repositories, microservices and more.

Application Security Solutions – From static application security testing (SAST) to dynamic application security testing (DAST) and runtime application self-protection (RASP), here we cover the key concepts and solutions when it comes to application security testing.

Common Application Security Threats and their Impact – Here, you will find a detailed breakdown of the top security threats according to OWASP, covering both the attack vector each threat uses and the impact these exploits can have on the end user, the application’s functionality, and the organization as a whole.

What is a Secure SDLC?

Secure SDLC is a process where security touch points are added to each stage of the SDLC. Secure SDLC applies security best practices to ensure that applications are secure upon release while fitting into any developer’s continuous integration workflow.

Static Application Security Testing with a Secure SDLC

Static Application Security Testing (SAST) is one of the driving forces behind the secure SDLC. SAST empowers developers to deliver secure applications by integrating seamlessly with their development processes and environments. In a secure SDLC, SAST solutions analyze source code to detect vulnerabilities that may expose the application to security risks and breaches.
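To make the SAST idea concrete, here is an added illustration (it is not Checkmarx code and not how CxSAST works internally): a minimal taint-tracking scanner in Python that parses source with the `ast` module, marks variables assigned from request attributes as untrusted, and flags database `execute` calls whose query string is built from that data. The sample program, source list and sink list are constructed for this example; the unsafe pattern it reports is the SQL injection entry from the OWASP list below.

```python
import ast

# Constructed sample (not from the page): a query built by string concatenation
# next to its parameterised counterpart.
SAMPLE_SOURCE = '''
def find_user(cursor, request):
    name = request.args["name"]
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
def find_user_safe(cursor, request):
    name = request.args["name"]
    cursor.execute("SELECT * FROM users WHERE name = ?", (name,))
'''
# Hypothetical taint rules: attributes carrying request data (sources), query methods (sinks).
SOURCES = {"args", "form", "GET", "POST"}
SINKS = {"execute", "executemany"}

class TaintScanner(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variables holding request-derived data
        self.findings = []     # line numbers where taint reaches a sink
    def _is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Attribute):
            return node.attr in SOURCES or self._is_tainted(node.value)
        if isinstance(node, ast.Subscript):
            return self._is_tainted(node.value)
        if isinstance(node, ast.BinOp):      # "..." + name + "..."
            return self._is_tainted(node.left) or self._is_tainted(node.right)
        if isinstance(node, ast.Call):       # "...".format(name), name.strip()
            return self._is_tainted(node.func) or any(map(self._is_tainted, node.args))
        return False
    def visit_FunctionDef(self, node):
        self.tainted = set()                 # taint is tracked per function
        self.generic_visit(node)
    def visit_Assign(self, node):
        if self._is_tainted(node.value):
            self.tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        self.generic_visit(node)
    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Attribute) and f.attr in SINKS and node.args:
            if self._is_tainted(node.args[0]):   # only the query string is checked
                self.findings.append(node.lineno)
        self.generic_visit(node)

def scan(source):
    """Return line numbers of SQL sinks fed by request-derived input."""
    scanner = TaintScanner()
    scanner.visit(ast.parse(source))
    return scanner.findings
```

Running `scan(SAMPLE_SOURCE)` reports only line 4, the concatenated query; the parameterised call passes a constant query string and is not flagged. A real SAST engine adds inter-procedural flow, sanitizer recognition and many more source/sink pairs, but the source-to-sink reasoning is the same.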

Top Threats According to OWASP

  • SQL Injection
  • Cross Site Scripting (XSS)
  • Clickjacking (UI redress attack)
  • Cross Site Request Forgery (CSRF)
  • Path Traversal (Directory Traversal)

Developers Vote Security: Checkmarx’s 2016 National Cybersecurity Awareness Month (NCSAM) Online Initiative

This October 2016, Checkmarx is celebrating National Cybersecurity Awareness Month (NCSAM) with content focused on educating and empowering developers about secure coding practices under the slogan “Developers Vote Security.”

As more and more organizations across all verticals speed up their development and adopt DevOps, responsibility for security is increasingly falling into the hands of developers during the development stages of the SDLC, because the windows for security testing in the later stages continue to shrink.

Read how you can accelerate your organization’s application security in our NCSAM interview with Dan Cornell here.

Paul Curran

Content Specialist at Checkmarx
With a background in mobile applications, Paul brings a passion for creative reporting on application security trends, news and the security issues facing developers, organizations and end users to Checkmarx's content.
