Chapter 7. Secure Development Lifecycle

Now that we have seen some of the more common attacks on applications, let’s take a look at the vital task of securing software. All of us usually focus on the functionality of our software first. We overlook security when software is first built. Very often, security only comes into the picture after the application has been developed and deployed.

But research shows that the cost and effort of fixing security weaknesses after deployment is much higher than building security into the application in the first place.

Bug EconomicsNIST Report, The Economic Impacts Of Inadequate Infrastructure For Software Testing, 2002.

Figure 5. Bug Economics[41]

Figure 6. The cost of fixing bugs[42]

Having said that, please note ...

Get Application Security in the ISO27001 Environment now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.