August 23, 2006
Introduction to Lock It Up
When I started thinking about writing this Blog, I asked myself what type of information I could provide that everyone would find interesting. Could I provide Web Services Security information? Could I write about the correct way to code a function? Could I go into specific technologies around Application Security like XML Firewalls and Federation?
Then, when I looked back at what I had been doing over the last few years in Application Security, I realized that the primary thing that I’ve been preaching was the need for the PROCESS to be done properly. Secure the Application Engineering process, provide the proper guidance to the Application Architects and Developers, ensure that the Code was tested with Security in mind and the end result is a much more secure Application.
So that’s what this column is going to go into. I’ll write about creating a Secure Development Lifecycle, which will go into Best Practices, Tools, and Checklists, as well as the experiences that I’ve seen go into those activities. I’ll write about how your organizations can leverage different pieces of information, whether they are commonly available Whitepapers or commercially available tools. But, most importantly, I’ll provide you with information that will help you ensure that the applications that you write, whether they are for internal use or for external sale, are written in a secure manner.
In essence, I will follow the old axiom: "Give a man a fish, and he eats for a day. Teach a man to fish, and he eats for a lifetime".
So, prepare to learn to fish. And, hopefully, you’ll be able to start fishing safe in the knowledge that you are doing so securely.
Neil R.
Posted at 06:28 PM