The Challenges of a Modern Society built on Software
As everyday products, services and processes depend more and more on their underlying software, secure software development is an ever-growing topic.
Any well-established company’s reputation can be damaged by the most basic malicious attacks at the drop of a hat. Security has become one of the top priorities in software delivery over the last few years. It is not something that can be added, nor a product that can be bought, but rather an evolutionary process that should be implemented on time and improved continuously.
Security is about mitigating risk
When an organisation ignores security issues, it will most likely expose itself to risk by leaving large amounts of sensitive data stored in business applications vulnerable to being stolen or tampered with at any time by hackers.
Risk is the likelihood that a threat can exploit a vulnerability, that is, a weakness or gap in a security program that provides unauthorised access to an asset. Because every business depends on information, its information systems can expose it to attacks that exploit vulnerabilities to take advantage of, or cause damage to, an organisation or individual. Situations that inflict reputational damage on an organisation will ultimately result in far greater losses than the direct cost of the particular event.
Security shall be tackled by all professionals - from project managers to operators involved in the delivery and operational processes. Every stage is part of a Secure Software Development Lifecycle, from design to development, testing and operation.
Security issues can be detected just like any other defect. In terms of bug-fixing costs, the later they’re detected in the software development lifecycle, the higher the cost of fixing them, so implementing an adequate testing strategy earlier in the development lifecycle saves the effort, time and money needed to fix security issues.
Application Security (AppSec) refers to processes delivering more secure and resilient solutions by detecting potential security vulnerabilities in advance, from the Design to Deployment phases, and resolving them adequately.
AppSec encompasses secure:
- code created to implement web applications;
- back-end systems;
- web and application servers.