Important Guidelines for Secure Design and Development
- Understand the Security Requirements of the application (functionality and data related) and document them as part of the Requirements Specifications Document.
- Ensure that the Security Requirements are considered during architecture and design of the app.
- Follow secure coding standards.
- Validate all inputs, including boundary checks, checks against allowed values, and format checks.
- Ensure strong login mechanisms (including the need for strong passwords).
- Encrypt transmitted data.
- Ensure periodic mandatory change of passwords.
- Apply the Least Privilege Principle when assigning access rights to parts of the application.
- Handle errors correctly.
- Handle exceptions correctly.
- Configure the app correctly.
- Use vetted (checked) algorithms.
- Conduct counter-checks to ensure complete and accurate processing of data.
- Delete all unused functions.
- Ensure proper logout mechanisms.
- Use secure protocols.
- Ensure proper logging and auditing mechanisms.
- Conduct rigorous testing.
- Carefully control software releases.
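
The input-validation guideline above names three kinds of check: format, allowed values, and boundaries. The following added example (not part of the original guidelines) applies all three to one request and fails closed, reporting which checks failed. The field names, limits and account pattern are assumptions chosen for illustration.

```python
import re

# Hypothetical rules for a payment form; field names and limits are assumptions.
ALLOWED_CURRENCIES = frozenset({"EUR", "USD", "GBP"})        # allowed values
ACCOUNT_RE = re.compile(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{10,30}")  # expected format
MIN_CENTS, MAX_CENTS = 1, 1_000_000                          # boundaries
EXPECTED_FIELDS = {"account", "currency", "amount_cents"}


class ValidationError(ValueError):
    """Carries the names of the failed checks; never echoes raw input."""

    def __init__(self, failures):
        super().__init__("; ".join(failures))
        self.failures = failures


def validate_transfer(raw):
    """Return a typed, cleaned record, or raise ValidationError (fail closed)."""
    if not isinstance(raw, dict) or set(raw) != EXPECTED_FIELDS:
        raise ValidationError(["fields: unexpected or missing field"])
    account, currency, amount = raw["account"], raw["currency"], raw["amount_cents"]
    failures = []

    # Format check: fullmatch anchors both ends, so a trailing newline or
    # appended text cannot slip past the way it can with match() and '$'.
    if not (isinstance(account, str) and ACCOUNT_RE.fullmatch(account)):
        failures.append("account: bad format")

    # Allowed-values check: compare against an allow-list, not a deny-list.
    if not (isinstance(currency, str) and currency in ALLOWED_CURRENCIES):
        failures.append("currency: not an allowed value")

    # Boundary check: parse strictly (ASCII digits only), then enforce the range.
    if isinstance(amount, str) and re.fullmatch(r"[0-9]{1,9}", amount):
        amount = int(amount)
    if isinstance(amount, bool) or not isinstance(amount, int):
        failures.append("amount_cents: not an integer")
    elif not MIN_CENTS <= amount <= MAX_CENTS:
        failures.append("amount_cents: out of range")

    if failures:
        raise ValidationError(failures)
    return {"account": account, "currency": currency, "amount_cents": amount}
```

The caller should log `failures` and return a generic error to the user, which also covers the error-handling and logging items in the list.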