The Holistic Approach to Application Security
Fortunately, things don’t have to be this way. Instead of taking the doomed approach of trying to test security into the product at the very end, start at the very beginning and work security activities into every phase of the development lifecycle. I know that it sounds as if this would slow development down to a crawl, but the gains you make in avoiding the penetrate-and-patch cycles more than make up for the extra time you spend in design and development.
This kind of holistic approach to application security is the approach taken by some of the world’s most security-successful software companies including Symantec, EMC, and Microsoft. We’re sure that some of you reading this right now are shaking ...
Get Web Application Security, A Beginner's Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.