Doing More with Less


After your design work is complete, continue baking in security during implementation. Use secure coding libraries and avoid dangerous methods such as JavaScript's eval(). Perform static and dynamic analysis as often as possible, preferably every day or even every build, by integrating your analysis engines with your build server. Again, there are excellent, free security-analysis tools if you don't have the budget for commercial ones.
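As an added illustration of the eval() point (this code is not from the article), here is an eval()-based settings parser beside a hardened one that uses JSON.parse() and an allow-list of keys and types; the schema, the settings names and the sample payloads are constructed for the example.

```javascript
// Added example, not from the article: two ways to turn an untrusted string
// (for instance a JSON body sent by a client) into a settings object.

// BEFORE: eval() compiles and runs the payload as JavaScript source. Anything
// that is a valid expression executes, so the sender controls code, not data.
function parseSettingsWithEval(payload) {
  // eslint-disable-next-line no-eval  (ESLint's no-eval rule flags this line)
  return eval("(" + payload + ")");
}

// AFTER: JSON.parse() accepts only JSON data and throws on anything else. The
// result is then checked against an allow-list of keys and types (constructed
// for this example), and anything unexpected is rejected instead of being
// passed further into the application.
const SETTINGS_SCHEMA = { host: "string", port: "number", verbose: "boolean" };

function parseSettingsSafely(payload) {
  let data;
  try {
    data = JSON.parse(payload);
  } catch (err) {
    return { ok: false, error: "not valid JSON" };
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, error: "expected a JSON object" };
  }
  const settings = {};
  for (const key of Object.keys(data)) {
    // hasOwnProperty also rejects inherited names such as "__proto__".
    if (!Object.prototype.hasOwnProperty.call(SETTINGS_SCHEMA, key)) {
      return { ok: false, error: "unexpected key: " + key };
    }
    if (typeof data[key] !== SETTINGS_SCHEMA[key]) {
      return { ok: false, error: "wrong type for " + key };
    }
    settings[key] = data[key];
  }
  return { ok: true, settings };
}

// Constructed sample payloads (not from the article).
const GOOD_PAYLOAD = '{"host": "localhost", "port": 8080, "verbose": false}';
// Valid JavaScript but not valid JSON: eval() computes 40 * 2, JSON.parse() rejects it.
const EXPRESSION_PAYLOAD = '{"host": "localhost", "port": 40 * 2}';

console.log(parseSettingsSafely(GOOD_PAYLOAD));        // ok: true, port 8080
console.log(parseSettingsSafely(EXPRESSION_PAYLOAD));  // ok: false, "not valid JSON"
```

A static-analysis pass (for example ESLint with the no-eval rule enabled) run on every build, as the article recommends, would report the first function before it ships.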

You should also resist the temptation to save money by skimping on security. Not only is it penny-wise and pound-foolish (the criminals certainly won't be scaling back their efforts any time soon), but it's also unnecessary. By spending a little more time thinking about security up front and integrating secure coding practices and tools into your development lifecycle, you can help prevent big expenses down the road.


About the author


Bryan Sullivan is a security program manager on the Security Development Lifecycle (SDL) team at Microsoft. He is a frequent speaker at industry events, including Black Hat, BlueHat, and RSA Conference. Bryan is also a published author on Web application security topics. His first book, Ajax Security, was published by Addison-Wesley in 2007.

AgileConnection is one of the growing communities of the TechWell network.
