Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

To system developers: What part of the development process do you consider security?

Discussion in 'Tech, Gadgets & Science Forum' started by redSilverDog, Dec 31, 2010.

  1. redSilverDog

    redSilverDog JF-Expert Member

    #1
    Dec 31, 2010
    Joined: Sep 18, 2010
    Messages: 486
    Likes Received: 3
    Trophy Points: 0
    Security,
    very important! but how many developers do consider security threats at early stages? I once read somewhere, it 10x expensive to 'retrofit' security than to design at the beginning.

    What security techniques and principles do you apply?
     
  2. Mtazamaji

    Mtazamaji JF-Expert Member

    #2
    Dec 31, 2010
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    IT willl depend on developement approach used. But security consideration and requirement should be gattered right fromthe initial phase of development phase regardkess of the approach.

    sija particpte kwenye project miaka mingi but through experince and knowledge nadhani SRS( system requiiremnt specifiction) ni one of the output document inayotakiwa kugusia scope za security katika system. Hii SRS document in one of delivery katika phase ya Detailed Analysis

    Factor nyingine ni size. Kama size ya project au system ni ndogo then it wont be big issue but kam size ya project ni kubwa then right from the beggining.

    For best practice mwanzoni= Analysis
     
  3. redSilverDog

    redSilverDog JF-Expert Member

    #3
    Dec 31, 2010
    Joined: Sep 18, 2010
    Messages: 486
    Likes Received: 3
    Trophy Points: 0
    And who is responsible for security design?
     
  4. MAHENDEKA

    MAHENDEKA Senior Member

    #4
    Dec 31, 2010
    Joined: Jul 9, 2010
    Messages: 189
    Likes Received: 13
    Trophy Points: 35
    Lengo la kusecure system ni kuprevent attacks, remember
    hackers wanafanya attack s in three forms 1.attack on confidentiality
    2.attack on integrity
    3.attack on authentification and authorization
    Kimsingi security measures should be taken into consideration in all stages of development, from System requirement Specification mpaka kwenye Implementation japokuwa wengi wanaiconsider sana mwanzoni
     
  5. r

    rpclem Member

    #5
    Jan 1, 2011
    Joined: Sep 29, 2007
    Messages: 5
    Likes Received: 0
    Trophy Points: 0
  6. YeshuaHaMelech

    YeshuaHaMelech JF-Expert Member

    #6
    Jan 1, 2011
    Joined: Oct 12, 2010
    Messages: 2,624
    Likes Received: 2
    Trophy Points: 0
    It depends on Philosphy and Type of Application you are designing.
    The real security issue is at coding level although risk assessment is at design level.
    I will consider Data Access Layer deisgn as part that security must be well tight as it is part of Desktop app. that accesses data. BLL and GUI have little concern. And if you subscribe to MVC philosophy then design of Model is critical

    My 2 cents
     
  7. kapistrano

    kapistrano JF-Expert Member

    #7
    Mar 26, 2016
    Joined: Apr 2, 2012
    Messages: 1,202
    Likes Received: 8
    Trophy Points: 135
    kwa upande wangu lazima uwe familiar na (SDLC) System development life cycle ambapo kwenye kila stage inakwambia vitu vya kuzingatia so even security will be there.
     
  8. MK254

    MK254 JF-Expert Member

    #8
    Mar 28, 2016
    Joined: May 11, 2013
    Messages: 6,204
    Likes Received: 1,699
    Trophy Points: 280
    As a developer, every line of code must be written with security in mind. You must employ the concept of "defensive programming". Ensure every possible loophole is sealed before releasing your system. It's important to discuss security throughout the cycle of your system development, right from requirements gathering to software release.

    However, I always make it clear to my clients that security of a system is as strong as the weakest point. As the developer, I can only do so much, but there are instances where I can't have control. Take for instance, a system administrators who are reckless with their passwords and allowing them to be copied and used by everyone. Or an admin who just got fired and they didn't remember to rid him/her off the system.

    Security is a very long topic, and given the meager budgets allocated to systems development at times, it gets very difficult for developers to ensure all standards have been met.
     
Loading...