Software Development Security

Software development teams should follow established guidelines and practices in order to build secure software.

When developing software, take care not to leave backdoors or maintenance hooks (undocumented debug or support entry points that bypass the normal access controls) in the code that ships.
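The following is an added illustration, not code from the original post: a small authentication routine in which a "temporary" support bypass was left behind, beside the same routine with the hook removed. The user store, the override string and the account name are constructed for the demonstration. The point for a reviewer is that the hook grants access to every account regardless of password, which is exactly what a code review or a secure coding standard should catch before release.

```python
"""A maintenance hook left in an authentication routine, beside the version without it."""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor used for the demo store


def make_record(password):
    """Constructed helper: build a (salt, PBKDF2-SHA256 hash) record for the demo user store."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


# Constructed user store for the example (hypothetical account, not real data).
USERS = {"alice": make_record("correct horse battery staple")}


def verify_password(username, password, users):
    """Return True only if the password matches the stored hash for that user."""
    record = users.get(username)
    if record is None:
        # Burn the same amount of work for an unknown user so timing does not reveal
        # whether the account exists.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, ITERATIONS)
        return False
    salt, expected = record
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(actual, expected)


def login_with_hook(username, password, users):
    """BEFORE: a support bypass that was meant to be temporary but shipped.

    Any caller who knows the override string gets into any account, so the
    strength of the password store no longer matters.
    """
    if password == "support-override-2018":  # the maintenance hook (constructed value)
        return True
    return verify_password(username, password, users)


def login(username, password, users):
    """AFTER: the only way in is a correct password for an existing account."""
    return verify_password(username, password, users)


if __name__ == "__main__":
    print("hook version accepts override:", login_with_hook("alice", "support-override-2018", USERS))
    print("fixed version accepts override:", login("alice", "support-override-2018", USERS))
    print("fixed version accepts real password:", login("alice", "correct horse battery staple", USERS))
```

Because the hook is an ordinary `if` comparing against a string literal, it is invisible to functional tests that only exercise valid logins; it shows up only in review (a literal credential compared in an authentication path) or in static analysis rules that flag hard-coded secrets.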

Secure Software Development Frameworks

You can read more about secure software development frameworks on this post.

Software Security Testing Frameworks

You can read more about software security testing frameworks on this post.

Software Bill of Materials (SBOM)

A software bill of materials (SBOM) is a machine-readable list of software’s internal components.

SBOMs make it far easier to identify which products contain a vulnerable component and to understand software supply chains, so that everyone involved can keep their systems more secure.

You can read more about SBOM on this post.
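As an added example (not from the original post, and not any project's real SBOM), the script below shows the kind of use an SBOM is meant for: it parses a minimal CycloneDX-style JSON document, indexes the components by name and version, and cross-checks them against a list of advisories. The SBOM contents, the component names and the advisory identifiers are all constructed placeholders; real advisories and real component identifiers (package URLs, CVE numbers) would come from a vulnerability feed.

```python
"""Cross-check the components listed in an SBOM against vulnerability advisories."""
import json

# Constructed, minimal CycloneDX-style SBOM. Component names and versions are made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http",   "version": "2.3.1",
     "purl": "pkg:pypi/example-http@2.3.1"},
    {"type": "library", "name": "example-yaml",   "version": "5.1.0",
     "purl": "pkg:pypi/example-yaml@5.1.0"},
    {"type": "library", "name": "example-crypto", "version": "1.9.4",
     "purl": "pkg:pypi/example-crypto@1.9.4"}
  ]
}
"""

# Constructed advisory feed: each entry names a component and a half-open range
# [introduced, fixed) of affected versions. The ids are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-0001", "name": "example-yaml",   "introduced": "0.0.0", "fixed": "5.2.0"},
    {"id": "ADV-PLACEHOLDER-0002", "name": "example-crypto", "introduced": "2.0.0", "fixed": "2.0.3"},
    {"id": "ADV-PLACEHOLDER-0003", "name": "example-http",   "introduced": "2.0.0", "fixed": "2.3.0"},
]


def parse_version(version):
    """Turn a dotted numeric version such as '1.10.2' into a tuple of ints for comparison."""
    return tuple(int(part) for part in version.split("."))


def load_components(sbom_text):
    """Return {(name, version): component} for every component in a CycloneDX-style document."""
    bom = json.loads(sbom_text)
    return {(c["name"], c["version"]): c for c in bom.get("components", [])}


def is_affected(version, advisory):
    """True if version falls inside the advisory's [introduced, fixed) range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def find_vulnerable_components(sbom_text, advisories):
    """Return a sorted list of (name, version, advisory id) for every affected component."""
    hits = []
    for name, version in load_components(sbom_text):
        for advisory in advisories:
            if advisory["name"] == name and is_affected(version, advisory):
                hits.append((name, version, advisory["id"]))
    return sorted(hits)


if __name__ == "__main__":
    for name, version, advisory_id in find_vulnerable_components(SBOM_JSON, ADVISORIES):
        print(f"{name} {version} is affected by {advisory_id}")
```

The version comparison here only handles purely numeric dotted versions; production SBOM tooling matches on package URLs and understands each ecosystem's version scheme (pre-release tags, epochs, and so on), which is why the format is designed to be machine-readable rather than a free-text list.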

Code Review Methods

Code Review Methods:

  • Pair programming: live review in which one colleague reviews the code as the other writes it.
  • Peer review: review by a colleague.
  • Team review: review by a team.
  • Pass-around reviews: review through e-mail or a central review system, so that it can be done asynchronously.
  • Fagan inspection: formal, multi-stage inspection process involving both the team and the developer.

Application Security Testing (AST)

You can read more about AST on this post.

Software Secure Coding Standards

Software Secure Coding Standards:

  1. SANS / CWE Top 25
  2. OWASP ASVS
  3. SAFECode

CWE Top 25 Most Dangerous Software Errors

SANS / CWE Top 25 Most Dangerous Software Errors

OWASP ASVS

OWASP Application Security Verification Standard (ASVS)

It consists of 3 levels of security verification:

  1. Level 1: low assurance, which can be verified entirely through penetration testing.
  2. Level 2: the level appropriate for most applications.
  3. Level 3: critical applications, which require in-depth validation and testing.

Some controls apply only to certain levels.

OWASP ASVS official website

SAFECode

The Software Assurance Forum for Excellence in Code (SAFECode) is an industry group.

SAFECode publishes the SAFECode Fundamental Practices for Secure Software Development. As of 2024, its latest version is the Third Edition, from 2018.
