The Path to a Secure Application: A Source Code Security Review Checklist  


Ounce Labs

The ongoing epidemic of data breach notifications forced by today’s data breach disclosure laws has painfully highlighted the insecurity of many of today’s applications. How, then, can organizations ensure their applications are secure, and avoid the cost and public relations fallout — not to mention stock price downturn — inherent in issuing numerous security patches, or worse, having to explain to consumers and regulators how code defects allowed attackers to steal people’s sensitive and perhaps regulated information?

The path to creating a secure application begins by rigorously testing source code for any and all vulnerabilities, to ensure the application will not compromise, or allow others to compromise, data privacy and integrity.
For companies using custom-built, outsourced, or open source applications in-house, however, ensuring that all current and legacy code is secure will be no small challenge. Detecting and eradicating security vulnerabilities has historically been extremely difficult. Many organizations relied on manual code review, which is costly and labor-intensive, as well as penetration testing, which examines only a subset of an application's potential vulnerabilities.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.