Difference between revisions of "Category:CLASP Best Practice"

From OWASP
 
Line 1: Line 1:
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
  
==Overview==
+
 
 +
==Best Practices==
 +
#[[:Category:BP1 Institute awareness programs|Institute awareness programs]]
 +
#[[:Category:BP2 Perform application assessments|Perform application assessments]]
 +
#[[:Category:BP3 Capture security requirements|Capture security requirements]]
 +
#[[:Category:BP4 Implement secure development practices|Implement secure development practices]]
 +
#[[:Category:BP5 Build vulnerability remediation procedures|Build vulnerability remediation procedures]]
 +
#[[:Category:BP6 Define and monitor metrics|Define and monitor metrics]]
 +
#[[:Category:BP7 Publish operational security guidelines|Publish operational security guidelines]]
 +
 
 +
 
 +
==Discussion==
 
If security vulnerabilities built into your applications’ source code survive into production, they can become corporate liabilities with broad and severe business impact on your organization. In view of the consequences of exploited security vulnerabilities, there is no reasonable alternative to using best practices of application security as early as possible in — and throughout — your software development lifecycle. See figure 3.
 
If security vulnerabilities built into your applications’ source code survive into production, they can become corporate liabilities with broad and severe business impact on your organization. In view of the consequences of exploited security vulnerabilities, there is no reasonable alternative to using best practices of application security as early as possible in — and throughout — your software development lifecycle. See figure 3.
 
[[Image:CLASP_Best_Practices.gif|none|thumb|600px|Business View of Best Practices of Software Security]]
 
[[Image:CLASP_Best_Practices.gif|none|thumb|600px|Business View of Best Practices of Software Security]]
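
Review bot: the paragraph that now sits under the added ==Discussion== heading still ends with "See figure 3", but the image that follows has only the caption "Business View of Best Practices of Software Security" and no figure number, so the reference does not resolve on this page. Suggest pointing to the image by its caption, or adding the figure number to the caption. The added ==Best Practices== list is also followed by two added blank lines before ==Discussion==; one is enough.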

Latest revision as of 12:04, 19 June 2006


Best Practices

  1. Institute awareness programs
  2. Perform application assessments
  3. Capture security requirements
  4. Implement secure development practices
  5. Build vulnerability remediation procedures
  6. Define and monitor metrics
  7. Publish operational security guidelines


Discussion

If security vulnerabilities built into your applications’ source code survive into production, they can become corporate liabilities with broad and severe business impact on your organization. In view of the consequences of exploited security vulnerabilities, there is no reasonable alternative to using best practices of application security as early as possible in — and throughout — your software development lifecycle. See figure 3.

[Figure: Business View of Best Practices of Software Security]

To be effective, best practices of software application security must have a reliable process to guide a development team in creating and deploying a software application that is as resistant as possible to security vulnerabilities. Within a software development project, the CLASP Best Practices are the basis of all security-related software development activities — whether planning, designing or implementing — including the use of all tools and techniques that support CLASP.
