IMQ Minded Security supports you implementing a Secure Design practice
In this phase, a review of the application design is carried out from a safety point of view. It is not unusual for design limitations to arise in the construction phase. If the design is unclear or ambiguous, developers should return to the design team for clarification. It is important that the development team be aware of the benefits of returning to the design team for guidance instead of implementing an ad hoc solution.
As the final stage of the design process, the design must be validated to meet all the safety requirements identified in the requirements phase. Ideally, this should be done by a person not involved in the design or implementation process such as an Application Security Specialist.
The objectives of this activity are the following:
- Identify critical procedures;
- List the potential identified problems that need to be addressed in the design;
- Document security countermeasures by describing how problems identified in the design are addressed;
- Make sure that security is integrated into the design in future projects.
User registration, error management, input validation, authentication and access to databases are the first examples of areas that are best managed centrally and therefore must be addressed in the planning phase. To ensure that security is addressed in design, a member of the design team should be identified as the security champion for design in the subsequent analysis phases.
IMQ Minded Security supports customers implementing a Secure Design practice into the Software Development Lifecycle performing customized training. We also perform Secure Design Review on new projects delivering an output with a new and more secure design to implement before the development process will take place.