The Path to a Secure Application: A Source Code Security Review Checklist
- Source:
- Security
- Published: Apr 13, 2009
- Pages: 16
The path to creating a secure application begins by rigorously testing source code for any and all vulnerabilities, to ensure the application will not compromise, or allow others to compromise, data privacy and integrity.
For companies using custom-built, outsourced, or open source applications in-house, however, ensuring that all current and legacy code is secure will be no small challenge. Detecting and eradicating security vulnerabilities has historically been extremely difficult. Many organizations relied on manual code review, which is costly and labor-intensive, as well as penetration testing, which examines only a subset of an application's potential vulnerabilities.
While both of these approaches have their uses, automatic software vulnerability scanning tools now allow companies to approach secure code development in a more systematic, automated, and successful manner. These automatic vulnerability scanning tools greatly improve the speed and accuracy of code review, and may be integrated seamlessly into the development lifecycle. In fact, the best tools can pinpoint each vulnerability at the precise line of code and provide detailed information about the type of flaw, the risk it poses, and how to fix it.


