Secure coding is a topic that books are written about, classes are taught on, and careers are made and, in some cases, broken over. In the wake of high-profile data breaches that exposed health information, Social Security numbers and other personally identifiable information, organizations face an onslaught of contractual and regulatory mandates they must comply with, and application security, like information security in general, is sizzling hot.
For the moment, at least, the security specialist has been expected to bring the expertise needed to secure an organization's perimeter. The problem is that while we focus on our network borders, write new policies for handling sensitive information, run security awareness programs, and patch and update our systems, a significant gap remains. Many of our applications are still vulnerable. Organizations are simply not doing enough to protect themselves at the application layer.
Most IT security pros were not application developers in a previous life. In fact, most have no formal application development training, and many cannot write a snippet of code. Yet these security professionals have written books, are sought-after speakers at international conferences and, by most anyone's definition, are highly regarded security experts. Up to this point, their focus has been on areas other than application-level security. As you might imagine, many organizations are coming to the realization that it is time to close that gap, and the…