Protection of Information Assets

Temple University

MIS 5206.701 ■ Fall 2022 ■ William Bailey

Question 3

November 9, 2022 by William Bailey 15 Comments

How would you determine if an applications development project team was using secure coding practices?

Filed Under: Unit 13: Computer Application Security

Comments

  1. David Vanaman says

    November 14, 2022 at 7:24 pm

    In a single word: testing. Put the code through testing tools such as SAST and DAST code analysis tools. Pentest the application. Have an independent code review. Secure coding is not black magic; it is testable and can be improved through iterative test and development cycles.

    • Jill Brummer says

      November 14, 2022 at 9:30 pm

      I like your single word answer and completely agree with testing. As long as there is documentation to prove the testing was performed, it would be easy to determine if the project team used secure coding practices.

    • Abayomi Aiyedebinu says

      November 15, 2022 at 4:40 am

      Hi Dave,
      I agree with you: testing by validation and verification is the best way to determine if an applications development project team was using secure coding practices.

  2. Nicholas Foster says

    November 14, 2022 at 8:58 pm

    There are several ways you can ensure a dev team has practiced secure coding. The first and most obvious that comes to mind is auditing. Be it internal, external or both. Obviously if internal, those who worked on the code would not participate. Ideally, where allowed, external auditing from a trusted source with credible auditing experience. Those external have nothing to lose when pointing out bad practices, as well as another set of eyes external to the project helps find flawed, redundant, or altogether missing code.

    • Kenneth Saltisky says

      November 16, 2022 at 2:56 pm

      Hi Nicholas,

      I agree that performing a code audit is ideal for secure code testing. Audits can be very in-depth and can encompass all aspects of an application and can reveal flaws that other forms of testing might not find.

    • David Vanaman says

      November 16, 2022 at 5:21 pm

      External audits and code review are powerful tools to catch issues that internal reviews either miss or are oblivious to. However, they come with one big downside: cost. External audits have a significant cost factor in both time and money. They are, therefore, best used for final testing on big projects or those with substantial risks.

  3. Jill Brummer says

    November 14, 2022 at 9:22 pm

    In order to determine if an applications development project team was using secure coding practices, an audit can be performed on the various secure coding practice policies. For example, for data validation, a sample of inputs and reports could be audited to ensure data inputs and reports were validated and results were as expected. Additionally, security can also be audited, as in access, roles, and segregation of duties. Audit logs can be used to determine if valid, authorized changes were made during implementation.

    • Abayomi Aiyedebinu says

      November 15, 2022 at 4:53 am

      Hi Jill,
      I agree with you: auditing and possibly doing substantive testing of samples is key in determining if an applications development project team was using secure coding practices.

  4. Abayomi Aiyedebinu says

    November 15, 2022 at 4:38 am

    One of the ways to determine if an applications development project team was using secure coding practices is testing by validation and verification, as this will provide an objective and independent view of the secure coding. Another way is by logging and auditing to give reasonable assurance.

  5. Parmita Patel says

    November 15, 2022 at 4:19 pm

    One way you can tell if an application development project team was using secure coding is by conducting application security testing and also running an audit to see who has touched the code. You should be running multiple audits such as internal and external to help see more transparency.

  6. Matthew Stasiak says

    November 15, 2022 at 4:42 pm

    I would implement practices such as database protection from SQL injection, network segmentation, implementing access and identity management, data encryption, and validating input data before using or storing it.

  7. Shepherd Shenjere says

    November 15, 2022 at 7:15 pm

    There are numerous ways to determine whether an application development project had used secure coding practices. You may perform penetration testing targeting known threats in order to find out. You may also use different techniques to test the code.

  8. Kenneth Saltisky says

    November 16, 2022 at 2:49 pm

    If an organization has policies in place for secure coding practices, leverage these policies. Also, perform code reviews and utilize code analysis tools to verify secure coding practices. Another option is front-end testing for vulnerabilities such as improper validation for input and verifying output display for security and minimum information.

  9. Maxwell ODonnell says

    November 16, 2022 at 4:46 pm

    Referencing the OWASP secure coding practice checklist, you can determine if your development team has been implementing the correct development practices. This list contains criteria like input validation, output encoding, session management, access control, authentication, and password management as well as cryptographic controls. Utilizing these guides helps the application maintain data confidentiality, availability, and integrity.

  10. Samuel Omotosho says

    November 17, 2022 at 4:11 pm

    Keeping the programming process as simple as possible is the mantra to live by (Xue, Tang & Fang, 2022). The complex process risks producing inconsistent results and is completely disregarded. A developer should follow the tried-and-true security coding best practices rather than inventing the wheel. The OWASP Foundation provides a wealth of valuable resources that list the most prevalent security risks and is an excellent place to start (Xue, Tang & Fang, 2022). A secure coding checklist can be used to determine if an application development project team is using secure coding practices. The checklist determines the authentication, access control, and verification of the user and whether the file application is specific to the context of the page and the user’s details.

    In conclusion, every person and business is concerned about the security of their data due to increased cyberattacks. Keeping data on a distant server raises many concerns (Sharma & Semwal, 2022). If the chosen software does not adhere to the regulations the relevant regulatory bodies set forth, it may pose a security risk.
