Implementing a Security Plan
Security is not something that is bolted on to an application the day before it gets promoted to production. It should be considered as early in the design process as possible. To ensure that this happens, it’s a good idea to have a security plan when building applications. The plan should be broad enough to meet your requirements yet brief enough to remain practical.
As part of the security plan, it is essential that some sort of security review process is devised and incorporated into your development process. This review process can be automated, manual, or a bit of both, depending on what you’ve assessed ...