Secure SDLC – Part 1: The Secure SDLC

Blog 5

As mentioned in previous blogs, Application Security is my favorite topic within Information Security. Some of my work on this topic was the development of a Secure SDLC (Software Development Lifecycle) standard, which includes security activities across the entire SDLC, starting in the very early phases, before any coding begins. This is the best time to include security in an application, as mitigating security and privacy issues at these early stages is much easier and less expensive than after the application has been built. Near the end of a development project, it is sometimes difficult to fix security issues (sometimes not even possible), and fixes are bolted onto the application to mitigate the issue rather than really solving it.

In this project, I had the fortune of working with Michael Howard, one of the creators of the Microsoft SDL! He taught me and the team so much about how to get this rolling with very practical steps, and how to start that mind-shift among the Development teams. He was passionate about this topic as well, so I really enjoyed working with him. The result was a process that was successfully adopted by the main Development area in the Company, with excellent results.

In the next blogs, I will talk about some of the key steps in the Secure SDLC process.
