CHAPTER THIRTEEN
Secure Development

You simply cannot test your application secure.

– John Steven

BUILDING A PRODUCT, whether it is software-as-a-service (SaaS), Internet of Things (IoT), smart devices, or a mobile app, must include security from the start. Doing so will allow your organization to grow and scale security with your product and keep teams focused on their primary goals. Implementing security after the fact will create unnecessary friction and delays in projects that are core to your business.

A minimally viable product (MVP) should have some basics of security baked into it. For example, if you are building a business intelligence SaaS product, it should, by default, communicate over HTTPS, the secure protocol used in web browsers. Consider how you store customer data and who has access to it. When it's just you and your fellow founders, all employees might have access to all customer data. This, however, is not appropriate when you are at 10, 50, or 1000 employees.

Secure coding is not always a straightforward process, but many modern tools help developers avoid common mistakes. Note that these automated tools can only do so much.

There are also thousands of open source and commercially available code libraries to accelerate your development and avoid reinventing the wheel. Communication and storage encryption are things you should always use a common library for and ...
