
HCL Technologies

Importance of Security in Developing Software Applications and Products

Rahul Kumar Gupta | July 1, 2010

In a world that is fast moving towards e-commerce, with business happening over the Web/Internet, security is a major concern for all kinds of applications (B2B, B2C, or C2C) because of the nature of HTTP, which poses certain security pitfalls. Technology, languages and APIs make for interesting discussions, but application security remains one of the most talked-about topics. There has always been a race between positive thinkers (implementers) and negative thinkers (hackers).

Whenever we start any project we usually think about its functional requirements, target segment, etc. There has always been a need to think seriously about Security requirements as well. Similarly, when we undertake development and QA, the major thrust is on feature implementation and functional testing. It is not that functional requirements should not be given importance, but we should give equal importance to security as well.

A security breach, or a breakdown of the system due to security issues, can directly and indirectly lead to:

  1. Loss of new business opportunities.
  2. Loss of existing business.
  3. Loss of credibility.
  4. Loss of competitive edge over competitors.

All of these ultimately result in monetary losses.

[Figure: Security significance across Project phases]

One recent example is the failure of the online pre-ordering system of one of the world's biggest telecom service providers. The online system has been down for some days because of security issues, leaving a monetary impact and, most importantly, an impact on credibility.

Security is a continuous process and ends only when a system expires. Ideally, to successfully identify and resolve all the security issues within an application, we have to treat security as part of the application SDLC itself and not as a separate entity, i.e. we should integrate security into the SDLC.

Securing applications requires a combined effort in all areas, such as requirement gathering, application design, server management, network management and security auditing. As the threat landscape for applications keeps changing, we should perform threat modeling, security auditing and security reviews on a regular basis, followed by security policy updates, to make the system safer and compliant with industry standards.
