Category:CLASP Best Practice

Best Practices

 * Institute awareness programs
 * Perform application assessments
 * Capture security requirements
 * Implement secure development practices
 * Build vulnerability remediation procedures
 * Define and monitor metrics
 * Publish operational security guidelines

Discussion
If security vulnerabilities built into your applications’ source code survive into production, they can become corporate liabilities with broad and severe business impact on your organization. In view of the consequences of exploited security vulnerabilities, there is no reasonable alternative to using best practices of application security as early as possible in — and throughout — your software development lifecycle. See figure 3.

To be effective, best practices of software application security must have a reliable process to guide a development team in creating and deploying a software application that is as resistant as possible to security vulnerabilities. Within a software development project, the CLASP Best Practices are the basis of all security-related software development activities — whether planning, designing or implementing — including the use of all tools and techniques that support CLASP.