Reach ’em and teach ’em – educating developers on application security

How are developers supposed to build security throughout the development lifecycle if they are not taught security at any stage of their education? Vulnerabilities exist because products made by developers who have close to no knowledge of security are hitting the market. Rather than accept the idea that software will never be 100 percent secure, academia and industry leaders can be more proactive and teach developers how to think about application security.

In a white paper, “App-Sec How-To Guide: Getting your Developers to Beg for Security,” security vendor Checkmarx said, “The real secret, then, to getting developers excited about creating secure code is to use those techniques and tools that motivate them in other areas of their work: a way to visualize their work; providing a strong support system; giving solid feedback in a short timeframe; and allowing developers to learn not only from their own mistakes, but also from those developers around them.”

Asaph Schulman, vice president of marketing at Checkmarx, said that focusing on security throughout the development process demands understanding the most common application layer security vulnerabilities. “SQL injection is one,” said Schulman. “Any teenager with a ‘Hacking for Dummies’ book can exploit and create huge damage with something so simple.”

Continue reading this article on CSO Online