Final word
This document should be seen as a starting point rather than a comprehensive set of techniques and practices. We want to again emphasize that this document is intended to provide initial awareness around building secure software.
Good next steps to help build an application security program include:
- To understand some of the risks in web application security please review the OWASP Top Ten .
- A secure development program should include a comprehensive list of security requirements . Use Threat Modeling to identify potential security threats, derive security requirements, and tailor security controls to prevent those. Use standards such as the OWASP (Web) ASVS and the OWASP (Mobile) MASVS which provides a catalog of available security requirements along with the relevant verification criteria.
- To understand the core building blocks of a secure software program from a more macro point of view please review the OWASP OpenSAMM project.