Secure development
Secure development of applications demands constant attention. Every employee of an organization should be aware of the subject of secure development. For this reason it is important that security is regularly discussed, for instance as a recurring agenda item.
The three most important points of attention with regard to information security are:
- Confidentiality
This entails that only authorized persons or systems should have access to information. It is of utmost importance that sensitive data is not accessed by unauthorized agents. This can be done by requiring strong passwords and 2-factor authentication, and by using access control systems, encryption and secure networks.
- Integrity
This describes the accuracy and completeness of data. It is important to ensure that data can't be changed, corrupted or deleted by unauthorized agents. This can be done by implementing control mechanisms like validations, back-ups, version control and secure storage.
- Availability
This means that data should be accessible when asked for by authorized agents. It is of great importance that systems and data stay accessible, even in case of outages, cyber-attacks or even natural disasters. Measures like regular back-ups, redundancy, disaster recovery planning and monitoring can help to guarantee availability.
It is important to develop a security policy that takes these three points into account. This policy should also be subject to regular evaluation, and should be updated regularly to account for new security risks. This also means becoming aware of risky situations, the odds that they occur and the impact they can have.