Secure Software Development Practices Landing Page

For more information on securing your data, see Information Protection @ MIT.

On this page:

Overview
How to

Introduce Security into the Design phase of your project
Ensure Security is implemented throughout the development/testing process
Deploy a Secure finished product

Troubleshooting and FAQ's
See Also
Have Questions or Still Need Help?

Overview

Building security into software during the early stages of the development cycle is the most effective way to limit the deployment of flawed software and address security issues before they become vulnerabilities. It is also less costly to incorporate security from the start than it is to try to add it on at the end. Secure development of software includes the identification of security requirements during the design phase, establishing a process of code reviews throughout the project, using code analysis tools, and testing code specifically for common security bugs.

How to

Introduce Security into the Design phase of your project

Projects often start with identifying set of requirements to be implemented upon delivery.

Ensure Security is implemented throughout the development/testing process

Establish a code review process and follow secure coding practices from the start. This process should include peer reviews and be a part of your project plan/schedule. Additionally, software development tools such as Burp Suite , Fiddler, OWASP ZAP can further enhance security testing throughout a project life cycle. Once a prototype or beta version is available contact the security team to run an application security vulnerability scan and fuzz testing. This will identify common web application vulnerabilities such as sql injection, cross-site scripting, and cross site request forgery that are usually a result of underlying code.

Deploy a Secure finished product

Remediate any vulnerabilities from the code scans and set up a process to review/remediate any security issues that may arise once the application moves into production. Both should be a recurring process.

Troubleshooting and FAQ's

Web Application Vulnerabilities

Have Questions or Still Need Help?

Secure Software Development Practices Landing Page

Overview

How to

Introduce Security into the Design phase of your project

Ensure Security is implemented throughout the development/testing process

Deploy a Secure finished product

Troubleshooting and FAQ's

See Also

Have Questions or Still Need Help?

IS&T Contributions

Documentation and information provided by IS&T staff members →

Last Modified:

Get Help