Application and Software Development Life Cycle

Integrating security early into the application development life cycle produces more secure, robust applications at a lower cost

A common misconception is that applications should be secured after they are developed but before deployment to the production environment. Performing an application security audit after they are completed typically results in massive amounts of security flaws. Some of these flaws can involve serious architectural issues. In a best case scenario, developers can expect to invest an immense amount of time and effort to fix these flaws. At worst, the application may require recoding and an overhaul of its architecture. Performing application security in this manner is incredibly expensive and time consuming. Integrating security into the early phases of the software development life cycle neutralizes this cost and produces more secure applications in far less time.

Foundstone measures the maturity of your application security efforts and helps you determine next steps by evaluating your SSDLC against a baseline of our seven best practice areas:

• Awareness and training
• Assessment and audit
• Development and quality assurance
• Compliance
• Vulnerability response
• Metrics and accountability
• Operational security

Our best practices based methodology was developed in collaboration with McAfee Chief Security Architect John Viega, foremost applications security expert and author of Building Secure Software.

Click here to view a full datasheet about this service. Contact us to learn how our security services can help you protect your most important assets today.

RFP Template

Foundstone has developed this Request for Proposal("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.

> Download

home | services | company | education | resources | contact | privacy policy | site map | McAfee.com