
Secure Software Development Practices Landing Page

For more information on securing your data, see Information Protection @ MIT.


Overview

Building security into software during the early stages of the development cycle is the most effective way to limit the deployment of flawed software and address security issues before they become vulnerabilities. It is also less costly to incorporate security from the start than it is to try to add it on at the end. Secure development of software includes identifying security requirements during the design phase, establishing a process of code reviews throughout the project, using code analysis tools, and testing code specifically for common security bugs.

How to

Introduce Security into the Design phase of your project

Projects often start with identifying a set of requirements to be implemented upon delivery.

Ensure Security is implemented throughout the development/testing process

Establish a code review process and follow secure coding practices from the start. This process should include peer reviews and be part of your project plan/schedule. Additionally, software development tools such as Burp Suite, Fiddler, and OWASP ZAP can further enhance security testing throughout a project life cycle. Once a prototype or beta version is available, contact the security team to run an application security vulnerability scan and fuzz testing. This will identify common web application vulnerabilities such as SQL injection, cross-site scripting, and cross-site request forgery that are usually a result of the underlying code.

Deploy a Secure finished product

Remediate any vulnerabilities from the code scans and set up a process to review/remediate any security issues that may arise once the application moves into production. Both should be recurring processes.

Troubleshooting and FAQs

See Also

Have Questions or Still Need Help?

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

November 26, 2019
