Important Guidelines for Secure Design and Development

  1. Understand the Security Requirements of the application (functionality and data related) and document them as part of the Requirements Specifications Document.
  2. Ensure that the Security Requirements are considered during architecture and design of the app.
  3. Follow secure coding standards.
  4. Validate all the inputs including the boundary checks, checks against allowed values, and format.
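
The three kinds of input check named in guideline 4 (boundary, allowed values, format), shown as an added example that is not part of the original page: a Python validator for a constructed transfer request. The field names, patterns, limits and the `validate_transfer` function are assumptions chosen for illustration.

```python
import re
from decimal import Decimal

# Hypothetical rules for a constructed "transfer" request (assumptions, not from the page).
ALLOWED_CURRENCIES = frozenset({"EUR", "USD", "GBP"})           # check against allowed values
ACCOUNT_RE = re.compile(r"[A-Z]{2}[0-9]{10}")                  # format check
AMOUNT_RE = re.compile(r"[0-9]{1,5}(\.[0-9]{1,2})?")           # format check
MIN_AMOUNT, MAX_AMOUNT = Decimal("0.01"), Decimal("10000.00")  # boundary check
EXPECTED_FIELDS = {"account", "currency", "amount"}
MAX_FIELD_LEN = 32


def validate_transfer(raw):
    """Return (clean, errors); clean is None unless every check passes."""
    if not isinstance(raw, dict) or set(raw) != EXPECTED_FIELDS:
        return None, ["request: unexpected or missing fields"]
    errors = []
    for name in sorted(EXPECTED_FIELDS):
        value = raw[name]
        if not isinstance(value, str) or len(value) > MAX_FIELD_LEN:
            errors.append(f"{name}: must be a string of at most {MAX_FIELD_LEN} chars")
    if errors:
        return None, errors

    # fullmatch anchors both ends; "$" with match() would accept a trailing newline.
    if not ACCOUNT_RE.fullmatch(raw["account"]):
        errors.append("account: bad format")
    if raw["currency"] not in ALLOWED_CURRENCIES:
        errors.append("currency: not an allowed value")
    amount = None
    if not AMOUNT_RE.fullmatch(raw["amount"]):
        # Rejects "NaN", "1e9", "-5" and "1_000", all of which Decimal() would parse.
        errors.append("amount: bad format")
    else:
        amount = Decimal(raw["amount"])
        if not MIN_AMOUNT <= amount <= MAX_AMOUNT:
            errors.append("amount: out of range")
    if errors:
        return None, errors
    return {"account": raw["account"], "currency": raw["currency"], "amount": amount}, []


if __name__ == "__main__":
    # Constructed sample inputs: one valid request, one failing all three checks.
    print(validate_transfer({"account": "DE1234567890", "currency": "EUR", "amount": "250.00"}))
    print(validate_transfer({"account": "DE1234567890\n", "currency": "eur", "amount": "10000.01"}))
```

The validator returns a new typed object instead of passing the raw input on, so later code only ever sees values that passed every check.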

  1. Ensure strong login mechanisms (including the need for strong passwords).
  2. Encrypt transmitted data.
  3. Ensure periodic mandatory change of passwords.
  4. Apply the Least Privilege Principle when assigning access rights to parts of the application.
  5. Handle errors correctly.
  6. Handle exceptions correctly.
  7. Configure the app correctly.

  1. Use vetted (checked) algorithms.
  2. Conduct counter-checks to ensure complete and accurate processing of data.
  3. Delete all unused functions.
  4. Ensure proper logout mechanisms.
  5. Use secure protocols.
  6. Ensure proper logging and auditing mechanisms.
  7. Conduct rigorous testing.
  8. Carefully control software releases.